Conversely, there were reductions in reported breaches and response times to threats in the report’s sample population.

According to a 2022 report on the state of cybersecurity in Operational Technology (OT) and Industrial control systems (ICS), cyber threats remain high as adversaries set their sights on control system components.

In response, organizations had significantly matured their security postures since last year’s study. However, data in the report shows that 35% of firms studied did not even know whether they had been compromised. Attacks on engineering workstations had also doubled in the last 12 months.

The finding that ICS risks remain high compared to 2021 figures are based on the following data trends:

    • 62% of respondents rated the risk to their OT environment as high or severe (down slightly from 69.8%). Ransomware and financially motivated cybercrimes topped the list of threat vectors (39.7%) followed by nation-state sponsored attacks (38.8%). Non-ransomware criminal attacks came in third (cited by 32.1%), followed closely by hardware/software supply chain risks (30.4%).
    • 10.5% of respondents indicated they had experienced a breach in the last 12 months (compared to 15%); of which 35% indicated that engineering workstations were an initial infection vector (doubling from 18.4%).
    • 35% did not know whether their organizations had been compromised (down from 48%) and 24% were confident that they had not had an incident — a 2x improvement.
    • 41% of access vectors were IT compromises, followed by replication through removable media (37%).
    • 66% indicated their control system security budget had increased over the past two years (up from 47%).
    • 56% indicated they were detecting compromises within the first 24 hours of an incident (up from 51%). The majority (69%) indicated they moved from detection to containment within six to 24 hours.
    • 87.5% had conducted a security audit of their OT/control systems or networks in the past year (up from 75.9%) — 29% had implemented a continual assessment program.
    • 83% of respondents indicated they monitored their OT system security. Of those, 41% used a dedicated OT SOC.

The report by Nozomi Networks Inc. indicates thatattacks like Incontroller have moved beyond traditional targets on enterprise networks, to directly targeting OT. According to the firm’s co-founder Andrea Carcano: “While threat actors are honing their ICS skills, the specialized technologies and frameworks for a solid defence are available, (with more) organizations proactively using them. Still, there’s work to be done. We encourage others to take steps now to minimize risk and maximize resilience.”