90% of OT organizations are cyberattack victims, yet visibility into OT systems is still limited

90% of OT organizations stated their environments had been damaged by at least one cyberattack over the past two years, with 62% experiencing two or more attacks.

OT organizations cyberattack

These are the results of the Tenable “Cybersecurity in Operational Technology: 7 Insights You Need to Know” report, an independent study by the Ponemon Institute.

Key highlights from the study include:

  • Insufficient visibility into the attack surface: 80% of respondents cited lack of visibility into the attack surface , knowing what systems are part of their IT environments, as the number one issue in their inability to prevent business-impacting cyberattacks.
  • Inadequate staffing and manual processes limit vulnerability management: Lack of personnel and a reliance on manual processes were cited by 61% and 55% of respondents respectively as major obstacles in their ability to assess and remediate vulnerabilities.
  • C-Suite buy-in is key: 70% of respondents view increasing communication with executives and board members as one of their governance priorities for 2019.

The convergence of IT and OT is a reality in today’s digital era. But this convergence has connected once-isolated OT systems to a variety of attack paths.

This Ponemon study, based entirely on the self-reported experiences and observations of ICS and OT experts themselves, confirms that the threats to critical infrastructure are real, severe and ongoing.

OT organizations cyberattack

“OT professionals have spoken — the people who manage critical systems such as manufacturing plants and transportation almost unanimously state that they are fighting-off cyberattacks on a regular basis,” said Eitan Goldstein, senior director of strategic initiatives, Tenable.

“Organizations need visibility into their converged IT/OT environments to not only identify where vulnerabilities exist but also prioritize which to remediate first. The converged IT/OT cyber problem is one that cybersecurity and Critical Infrastructure teams must face together.”

Don't miss