A recent report by industrial cybersecurity firm Dragos Inc. reveals a 50% surge in ransomware attacks targeting the industrial sector in 2023. Titled "The Importance of Industrial Cybersecurity," the report stresses the vital role of cybersecurity in safeguarding industrial operations amid digital transformation.
As companies invest heavily in digital innovation to boost efficiency and automation, the report highlights the risks linked with increased connectivity and digitalization of operational technology (OT). This includes vulnerabilities in industrial control systems (ICS) and OT, which create new avenues for cyber threats.
Key trends outlined in the report indicate significant vulnerabilities in the industrial sector:
- Limited Visibility: Around 90% of organizations lack visibility into their OT environments, including ICS networks and assets.
- Poor Security Perimeters: 88% of organizations have weak security perimeters around ICS networks, increasing the risk of attacks
- Infrequent Assessments: Only one in five organizations conducts ICS cybersecurity assessments more than once a year.
- Lack of Coordination: 63% of respondents report that OT and IT security efforts are not coordinated.
- The report stresses the need to address the unique challenges of OT cybersecurity, distinct from traditional IT security. OT systems operate in environments with strict safety requirements and long equipment lifecycles.
The convergence of IT and OT systems has eliminated the traditional "air gap," exposing OT networks to increased cyber risks. The report also notes the rise of OT-specific ransomware, posing a direct threat to industrial assets.
To combat these threats, organizations should tailor cybersecurity strategies to OT environments, prioritize assets, identify threat scenarios, and implement controls specific to industrial processes.
This report serves as a warning for the industrial sector to enhance cybersecurity measures, collaborate with experts, bridge the IT-OT cybersecurity gap, and adopt specialized tools to protect critical infrastructure from ransomware attacks.
