"Over 80% of CNI Firms Have Been Breached in Past 36 Months"

Security researchers at Skybox Security stated that most IT and security leaders in critical infrastructure (CNI) organizations are underestimating the scale of the cyberthreat, despite having suffered breaches over the past three years.  The researchers polled 179 operational technology (OT) security decision-makers in the US, UK, Germany, and Australia, with most hailing from companies with $1bn or more in revenue from the manufacturing, energy, and utility industries.  The researchers found that 73% of CIOs and CISOs are "highly confident" their organizations will not suffer an OT breach next year, despite 83% having suffered such an incident over the past 36 months.  Only 37% of hands-on plant managers were similarly confident, highlighting the disconnect between perception and reality at a senior decision-making level.  The researchers also found that a third (34%) of respondents appeared to be over-relying on insurance as a security strategy, claiming it is a sufficient solution. The security researchers stated that new OT vulnerabilities were up 46% compared to the first half of 2020. The researchers noted that despite the rise in vulnerabilities and recent attacks, many security teams do not make OT security a corporate priority because some security team personnel deny they are vulnerable yet admit to being breached.  The researchers also stated that the belief that their infrastructure is safe despite evidence to the contrary has led to inadequate OT security measures.

Infosecurity reports: "Over 80% of CNI Firms Have Been Breached in Past 36 Months"