IT/OT Collaboration
News
OT Network security
Reports
Vendors

Applied Risk releases State of Industrial Cybersecurity 2020 report

November 19, 2020
state of industrial cybersecurity

Industrial cybersecurity company Applied Risk released it’s annual report looking at the state of industrial cybersecurity. The report includes a number of insights on operational technology security from Applied Risk’s work with clients around the world and findings from the company’s research teams from January 2019 until July 2020.

“Though COVID-19 has impacted our ways of working, the trends affecting OT security have not significantly changed in themselves, but there were rather changes in direction and degree of these trends,” the report says. “This report identifies and analyses a few key trends and presents some insight as to their causes, effects and future implications. Some of these trends overlap or continue from previous years. However, the skills shortage is considered the overarching trend: without adequate skill sets it will be almost impossible for organisations to manage and maintain an effective OT security posture.”

The  State of Industrial Cybersecurity 2020 report looks at the impact the COVID-19 pandemic has had on OT environments. [optin-monster-shortcode id=”dv4jqlr9fih8giagcylw”]

“For those industries hardest hit, difficult decisions have had to be made with often far-reaching consequences for employees, industry supply chains and consumers alike. Faced with the priority of cash flow preservation, many new projects that involve significant Operational Technology (OT) investment have been put on hold or cancelled altogether. Other organisations have had to accelerate their OT resilience plans, but on reduced budgets,” the report says. “Within the hardest hit industries, existing business operation headcounts are being reduced to cut down costs, often leaving skillset gaps and voids within teams tasked with protecting the availability and integrity of OT systems. While industry continues to face up to the challenges of adapting to the ‘new normal’, cybercriminals have seen opportunities to exploit, profit and cause harm.”

Like most of the world, the OT domain has seen an increase in remote access. Applied Risk researchers also noted an increase in IT/OT integration and cloud adoption in OT.

“With a big increase in OT system remote user access and operations, security considerations and safety implications have had to be considered against business continuity needs. For those organisations not able to scale-up secure remote user access to their OT systems, compromises have ultimately had to be made, inevitably increasing risk exposure,” the report says. “Asset owners and operators are having to adapt to a COVID-19 risk landscape that highlights the importance of “Situational Awareness”. Therefore, they are moving towards situation aware, agile and responsive operations, taking more preventative security decisions and taking effective action ahead of time, rather than reacting after an event has occurred.”

Applied Risk has noted an increase in mergers and acquisitions in the OT security market along with an increase in focus on maintaining core operations while still improving OT security performance. Researchers also noted that while  investment in OT security increased in some sectors, it decreased in others.

“The convergence of traditional IT being used within the OT domain has led to a natural progression of traditional IT or OEM companies acquiring OT focused cyber security companies,” the report says. “The main drivers are to expand their solution portfolio offerings to their customers or to acquire OT dependent customers. This trend of big companies acquiring OT security companies will continue as they need to expand their solution offerings and because IT companies need to meet the demands of and remain relevant to their OT customers. Mergers and acquisitions between organisations that offer strengths in IT and OT capabilities make strategic sense, as this enables them to offer “one-stop shops” catering for both cyber security products and consulting services in both OT and IT environments.”

Additionally, the  State of Industrial Cybersecurity 2020 report indicates continued strengthening of OT security laws and regulations, increased complexity in cyber insurance products, and growth in the use of undocumented applications and “Shadow OT.” All the while, Applied Risk says the shortage in OT security skills continues.

“Applied Risk’s assessment of the state of OT security for 2019 and first half of 2020 leads to the conclusion that the main challenges observed in the field continue to stem from deficiencies in governance,” the report says. “Clear ownership must be properly defined in order to drive all the OT security improvements in the organisation within a strategic framework and maintain such commitment over the long term. Equally important are the business goals and the organisation’s vision of OT security.”

Rebecca Addison
Industrial Cyber Editor. Rebecca Addison is a former newspaper editor with a decade of experience in the media industry. During her career, she has interviewed world leaders and corporate CEOs, and covered topics ranging from blockchain and CBD to healthcare and education.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall, 2TS enter into cybersecurity alliance for African market
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns