Drives and Controls Magazine
75% of industry hit by ransomware attacks in past year
Published:  14 December, 2023

A global poll of 1,100 IT and OT (operational technology) security professionals working in the industrial sectors has found that 75% of them were targets of ransomware attacks in the past year. The independent poll, conducted for the cybersecurity firm Claroty, also found that 69% of the targeted organisations had paid the ransom, and that more than half (54%) of those who paid suffered financial ramifications worth $100,000 or more.

Claroty has published the findings in a report, The Global State of Industrial Cybersecurity 2023: New Technologies, Persistent Threats, and Maturing Defenses. Some 500 of those quizzed were from North America, 250 from the EMEA region, 250 from Asia-Pacific and 100 from Latin America.

The study shows that the impact of ransomware attacks on OT environments is catching up on IT environments. In a previous survey that Claroty conducted in 2021, 32% of ransomware attacks affected IT only, while 27% affected both IT and OT. Today, 21% impact IT alone, while 37% affect both IT and OT – a 10% jump in two years. Claroty says that this trend reveals an expanding attack “surface area”, and an increasing risk of operational disruption coming from the convergence of OT with IT.

The increased threats and financial losses come as new technologies are being integrated into OT environments. For example, 61% of respondents are now using security tools that use generative AI and an 47% say that this has raised their security worries.

The respondents report a high demand for cyber-insurance, with 80% of organisations having paid for cyber-insurance policies and about half (49%) having opted for policies offering $500,000 or more of coverage.

“Our study shows that there is clearly no shortage of challenges facing OT security professionals, but we also found tremendous room for opportunity and appetite to mature security posture across industrial environments,” says Claroty CEO, Yaniv Vardi. “Organisations are already working to bolster their risk assessment, vulnerability management and network segmentation practices, in order to be highly proactive in their defence of cyber-physical systems.”

Claroty reports that progress is being made to close gaps in processes and technology, including:
Network segmentation 77% of those polled describe their approach to network segmentation as “moderate” or “mature,” thus restricting the lateral movement of cyberattacks through networks, including from IT to OT.
Vulnerability and risk management 78% describe their approach to identifying vulnerabilities as being “moderately” or “highly” proactive – up from 66% in 2021. However, the pace of vulnerability disclosures and patch releases is outpacing the organisations’ ability to address them. As a result, they are exploring a variety of risk scoring methods to help them to prioritise their actions. The most popular methods are the Common Vulnerability Scoring System, used by 52% of the respondents, followed by existing risk scores (49%), the Exploit Prediction Scoring System (46%), and the Known Exploited Vulnerabilities Catalogue (45%).
Future initiatives the top OT security initiatives that those polled plan to implement in the coming year are risk assessment (named by 43% of respondents), followed closely by asset, change, and/or lifecycle management (40%) and vulnerability management (39%).

Claroty says that governments have recognised the need for industry regulations and standards, and that these are now driving OT security priorities and investments. Almost half of those polled (45%) say that TSA Security Directives have had the most significant impact on their organisation’s security priorities and investments, followed by CDM Defend (39%) and ISA/IEC-62443 (37%).

Claroty:  Twitter  LinkedIn  Facebook