The overwhelming majority (86%) of critical national infrastructure (CNI) organizations in the UK have experienced cyber-attacks on their operational technology (OT) and industrial control systems (ICS) in the past 12 months, according to a new study by Bridewell Consulting.
Worryingly, more than nine in 10 (93%) of those who experienced attacks in this period admitted that at least one was successful.
The survey of 250 UK IT decision makers in the aviation, chemical, energy, transport and water sectors also found that a substantial proportion of organizations use legacy OT systems. A third (34%) rely on systems that are between 11 and 20 years old, while 79% use systems aged between six and 20 years.
CNI organizations' legacy infrastructure is also becoming increasingly connected, which is potentially widening the attack surface, with 84% confirming their OT/ICS environments are accessible from corporate networks. Furthermore, just 42% of those surveyed said their OT/ICS systems are not currently accessible from the internet, and over half of those plan to make them accessible in the future.
The researchers also revealed that almost a third (32%) of CNI organizations have reduced their security budgets since the start of the COVID-19 pandemic, which has led to 85% of IT and security teams feeling increasing pressure to improve cybersecurity controls for their OT/ICS environment.
Lack of skills and increasing responsibilities were further challenges outlined by IT decision makers (each cited by 23% of respondents), and 84% of CNI organizations believe they will be impacted by a critical cyber-skills shortage in the next three to five years.
Despite this troubling landscape, more than three-quarters (78%) of respondents expressed confidence that their OT systems are protected from cyber-threats.
Scott Nicholson, Co-CEO at Bridewell Consulting, commented: “The report highlights some nuances between how some CNI organizations perceive their cybersecurity posture versus reality. Security vulnerabilities, while difficult to remediate within some CNI organizations, may have critical implications, not just in terms of substantial financial fines but also risks to public safety and even loss of life, so organizations simply cannot afford to be complacent.”