One-fifth of organizations did not make cybersecurity a priority during the pandemic

56% of IT and OT security professionals at industrial enterprises have seen an increase in cybersecurity threats since the start of the COVID-19 pandemic in March, a Claroty research reveals. Additionally, 70% have seen cybercriminals using new tactics to target their organizations in this timeframe.

The report is based on a global, independent survey of 1,100 full-time IT and OT security professionals who own, operate, or otherwise support critical infrastructure components within large enterprises across Europe, North America and Asia Pacific, examining how their concerns, attitudes, and experiences have changed since the pandemic began in March.

Cybersecurity still not a priority, regardless of the pandemic

• 32% said their organization’s OT environment is not properly safeguarded from potential threats
• One-fifth of organizations did not make cybersecurity a priority during the pandemic
• COVID-19 has not only accelerated the adoption of new technologies (41% stated implementing new technology solutions as a priority during the pandemic), but also brought to the fore the challenges of having siloed teams (56% said collaboration between IT and OT teams has become more challenging)
• 83% believe that, from a cybersecurity perspective, their organization is prepared should another major disruption occur

COVID-19 impact on IT/OT convergence

Across the globe, COVID-19 has led cybercriminals to use new tactics and organizations to become more vulnerable to cyber attacks, with 56% of global respondents saying that their organization has experienced more cybersecurity threats since the pandemic began. Further, 72% reported that their jobs have become more challenging.

COVID-19 has clearly had an impact on IT/OT convergence, as 67% say that their IT and OT networks have become more interconnected since the pandemic began and more than 75% expect they will become even more interconnected as a result of it.

While IT/OT convergence unlocks business value in terms of operations efficiency, performance, and quality of services, it can also be detrimental because threats – both targeted and non-targeted – can move freely between IT and OT environments.

“While we would be short-sighted to think that we won’t have more challenges as we continue to face unknowns from this pandemic, protecting critical infrastructure is especially important in a time of crisis,” said Yaniv Vardi, CEO of Claroty.

“As large enterprises are trying to improve their productivity by connecting more OT and IoT devices and remotely accessing their industrial networks, they are also increasing their exposure as a result. OT security needs to be brought to the fore and made a priority for all organizations.

“Attackers know that IT networks are covered with cybersecurity solutions so they’re moving to exploit vulnerabilities in OT to gain access to enterprise networks. Not protecting OT is like protecting a house with state-of-the-art security and alarm systems, but then leaving the front door open.”

Most vulnerable industries

In terms of industries, globally the respondents ranked pharmaceutical, oil & gas, electric utilities, manufacturing, and building management systems as the top five most vulnerable to attack.

Most regions followed similar patterns, identifying three to five industries clustered closely toward the top of the list. The exceptions are the DACH region, where oil & gas clearly holds the top spot at 36%, and Singapore, where pharmaceutical is at 22%.