Search
Search
Close this search box.

ICS Security Risks Continue to Rise and Evolve

security

Basic security lapses are responsible for many cyberattacks. A worrying number of organizations are still neglecting to apply security patches regardless of the growing threats to systems and data.

SANS Institute’s annual survey of industrial control systems (ICS) security practitioners finds that threats are shifting, identifying attacks remains challenging, and some basic security practices are not implemented.

The fourth year of the survey found some improvements in protecting critical assets and infrastructure, while other challenges have emerged. For example, four out of 10 ICS security practitioners lack visibility or sufficient supporting intelligence into their ICS networks, which is one of the primary impediments to securing these systems. Ransomware was newly identified as a top threat, along with the growing addition of devices to the network.

Despite the high-profile news coverage of recent attacks of unpatched systems, SANS found that only 46% of respondents regularly apply vendor-validated patches. An astounding 12% neither patch nor layer controls around critical control system assets.

Bengt Gregory-Brown, survey author, noted, “Changes in ICS/SCADA environments have historically come at a pretty slow pace, but this pace is accelerating with IT/OT convergence, and the speed of change is challenging everyone working with these systems to keep up or accept growing levels of risk.”

Survey responders placed the highest priority on keeping OT systems reliable and available.

“With nearly 69% of ICS security practitioners saying threats to the ICS systems are high or severe and critical, it becomes clear that companies must pay attention at the highest levels to ensure the safety, reliability and integrity of their company’s control systems,” said Doug Wylie, director of the Industrials & Infrastructure Practice Area at SANS Institute.

SANS and experts will share results of the survey during a two-part webcast Tues., July 11 and Wed., July 12 at 1:00 p.m. EDT. The webcasts are sponsored by Great Bay Software, Nozomi NetworksPASTempered Networks and TripWire.

Register to attend the webcasts at www.sans.org/u/tGu and www.sans.org/u/tGz.

TAGS :
SHARE :
Picture of Carlos Casanova

Carlos Casanova

Carlos Casanova is an internationally known speaker, IT architect, leadership advisor, and co-author of The CMDB Imperative. He has over two decades of hands-on experience guiding CIOs and Sr. Leadership to achieve effective IT operations and improve ROI from infrastructure investments. His expansive experience enables him to quickly assess their true needs and achieve better business outcomes. He takes the complexity out of today's cluttered IT and business environments to simplify their goals in order to accelerate achievement and success.
Picture of Carlos Casanova

Carlos Casanova

Carlos Casanova is an internationally known speaker, IT architect, leadership advisor, and co-author of The CMDB Imperative. He has over two decades of hands-on experience guiding CIOs and Sr. Leadership to achieve effective IT operations and improve ROI from infrastructure investments. His expansive experience enables him to quickly assess their true needs and achieve better business outcomes. He takes the complexity out of today's cluttered IT and business environments to simplify their goals in order to accelerate achievement and success.
WIll Sue of Gerent
Information Security
Cybersecurity for SMBs: Practical Advice from Expert Will Shu
Read More
Data Loss Prevention
Information Security
Data Loss Prevention vs. Data Detection and Response
Read More
Ransomware Attacks on Banks
Information Security
Preventing Ransomware Attacks on Banks: 8 Essential Pointers
Read More

IT Chronicles

Follow us

IT Chronicles

Follow us

Explore our topics