Ransomware stalks the factory floor. Claroty, a cyber-physical systems protection company, has released a new study revealing a concerning surge in ransomware attacks within the industrial sector. The research, “The Global State of Industrial Cybersecurity 2023: New Technologies, Persistent Threats, and Maturing Defenses,” is based on a global survey of 1,100 information technology (IT) and operational technology (OT) security professionals. An overwhelming majority, 75% of respondents, reported experiencing ransomware attacks in the past year, according to the study.
What’s notable is the evolving nature of these attacks, with the impact on operational technology (OT) environments catching up to that on information technology (IT) environments. In the 2021 survey, 32% of ransomware attacks affected IT only, while 27% impacted IT and OT. In the latest findings, 21% targeted IT alone. However, a significant 37% impacted IT and OT, highlighting the growing risk associated with IT/OT convergence.
Cyber Insurance
Financially, the consequences are staggering. 69% of those targeted paid the ransom, and more than half (54%) suffered financial losses exceeding $100,000. To mitigate such risks, 80% of organizations have opted for cyber insurance policies, with 49% choosing coverage of $500,000 or more.
Amid the onslaught, security professionals are turning to advanced technologies like generative AI. However, 47% express concerns about its security implications. The challenges have prompted governments to take action, with regulations and standards driving OT security priorities. TSA Security Directives lead the impact at 45%, followed by CDM DEFEND (39%) and ISA/IEC-62443 (37%).
While organizations grapple with the integration of new technologies, they are simultaneously fortifying their defenses. Some 77% of respondents have adopted network segmentation, a critical strategy for thwarting lateral cyber attacks. In vulnerability and risk management, 78% describe their approach as moderately to highly proactive.
Looking ahead;
- Risk assessment emerges as a priority for 43% of respondents.
- Asset, change, and lifecycle management (40%).
- Vulnerability management (39%).
Methodology
Claroty contracted with Pollfish to survey 1,100 information technology (IT) and operational technology (OT) security professionals in North America (500), Latin America (100), EMEA (250), and Asia-Pacific (250). Only individuals who work full-time in IT security, OT security, or as an OT engineer/operator completed the survey for 1,100 respondents. More than a dozen industries are represented, including Automotive, Chemical, Electric Utilities, Food and beverage, Oil and gas, Pharmaceutical and biotechnology, Transportation, Water and waste, Consumer Products, Mining and materials, IT Hardware, Forestry, Pulp and paper. The survey was completed in November 2023.
Source: 75% of the Industrial Sector Experienced a Ransomware Attack in the Past Year, Claroty Study Finds
Other News: Hackers Get Trickier as Companies & Cyber Insurers Improve Their Defenses (Opens in a new browser tab)