Claroty reports that 80 percent of OT/ICS organizations experienced a ransomware attack last year

Claroty reports that 80 percent of OT/ICS organizations experienced a ransomware attack last year

Industrial cybersecurity vendor Claroty revealed in a survey that 80 percent of OT/ICS organizations are reporting that their security budgets have risen since the start of the COVID-19 pandemic, with an equal number saying that they have experienced a ransomware attack in the last year. Additionally, 47 percent have reported impacting their OT/industrial control system (ICS) environment. The company did not, however, clearly differentiate as to how many were direct operational technology (OT) attacks and how many attacks were targeted at the IT infrastructure, which may have led to the OT getting impacted.

Looking more closely at the distribution of attacks, in industries including IT hardware, oil and gas, water and waste, and automotive, 90 percent of respondents were impacted by ransomware and 87 percent in heavy industry and electric energy, Claroty said in its survey report titled ‘The Global State of Industrial Cybersecurity 2021: Resilience and Disruption.’ 

The Claroty report was contracted to Pollfish to conduct a survey of IT and OT security professionals in the U.S., Europe, and Asia-Pacific. The survey sample consisted of 1,100 respondents working full-time in IT security, OT/ICS security, or as an OT/ICS engineer or operator across a dozen industries, including oil and gas, including pipelines, transportation, and water and waste. The survey was completed in September last year.

Most respondents categorize their organization’s cybersecurity maturity at level 4, the managed level, with Europe the exception at maturity level 3, Claroty said on Thursday. “On a global basis more than 65% rate their vulnerability management strategy as moderately to highly proactive, with Europe at 55%. Yet ransomware attacks are still highly successful,” it added. 

More than 60 percent of the respondents paid the ransom and 52 percent of the survey respondents paid US$500,000 or more, Claroty revealed. The U.S. led the way, where 76 percent paid the ransom and 57 percent paid $500,000 or more, compared to the 51 percent that paid in APAC and 49 percent in Europe. Payouts also trended lower in those regions, concentrated in the $100,000 – $500,000 range, it added. 

Additionally, most respondents estimated a loss in revenue per hour of downtime to their operations equal to or greater than the payout, Claroty said. Even among those who did pay the ransom, 28 percent still experienced substantial impact to operations for more than a week. These findings suggest that, despite the well-known downsides of paying the ransom, the alternative (revenue loss due to prolonged operational downtime) is too costly for most victim organizations to justify. Over 90 percent disclosed the incident to shareholders and/or authorities, while 69 percent believe timely reporting should be mandatory, it added. 

Claroty disclosed that digital transformation continues to accelerate since the pandemic, and remote/hybrid work will continue at 73 percent of organizations. Nearly 90 percent are looking to hire, but 54 percent of the respondents say it is hard to find enough qualified OT security candidates. While digital transformation and remote access unlock tremendous business value, these changes to OT/ICS environments also introduce risk by creating additional vectors for attackers. Results have played out in the headlines and spurred renewed warnings by the government on the risk of connecting industrial networks to IT networks and the need for a heightened state of awareness and controls.

Claroty data showed that organizations internalized the lessons learned from high-profile cyberattacks and prioritized cybersecurity by increasing investments and implementing new or updated processes and controls. For instance, on a global basis, over half of the respondents say their organization’s C-suite and board are very involved in cybersecurity decision-making and oversight, which bodes well for ongoing investment and prioritization. 

Following recommended best practices, on a global basis, more than 60 percent of respondents are centralizing OT and IT governance under the CISO, Claroty said. Confidence in the capabilities of their IT security professionals to manage the OT/ICS environment’s cybersecurity continues to grow, reaching 65 percent up from 61 percent in the company’s previous survey conducted last year. “But there is an ever-increasing need for security professionals. Nearly 90% are looking to hire, with 40% saying the need is urgent and 54% reporting it has been somewhat difficult to find enough candidates with the skills and experience required to properly manage an OT network’s cybersecurity,” it added.

The survey report also revealed that about 62 percent of respondents are aligned with government direction towards mandatory, timely reporting of cybersecurity incidents affecting IT and OT/ICS systems.

Claroty also threw light on the fact that gaps in processes and technology remain. “More than 65% rate their organization’s vulnerability management strategy as moderately to highly proactive, yet ransomware attacks are highly successful. Nearly 30% share passwords, 57% employ usernames and passwords, and 44% use VPNs – all areas of opportunity to strengthen resilience,” it said in its survey report.

On a global basis, the Claroty report revealed that a third of respondents said that training related to preventing and managing future cyberattacks is not adequate or not provided. “In our 2020 survey, 83% reported training related to working remotely was provided. However, it appears skills development to mitigate risk from attacks that take advantage of vulnerabilities spurred by this new, distributed environment is lacking.” 

The data also revealed that OT remote access needs improvement. “Nearly 30% are sharing passwords (although this is closer to 20% in APAC and Europe), 57% employ usernames and passwords, and 44% use VPNs. Basic cyber hygiene, stronger passwords, and secure remote access solutions can help strengthen resilience against attacks,” the report added.

Claroty data revealed that over 80 percent of respondents reported that both their IT and OT/ICS security budgets have increased since the start of the COVID-19 pandemic. The number is close to 90 percent among industries, including oil and gas, and electric energy. 

“This widespread increase in investment is likely a direct result of executive- and board-level prioritization of cybersecurity amidst the scourge of ransomware that has disrupted operations for most industrial organizations surveyed, as well as the high-profile SolarWinds compromise which put IT companies on notice that they could be launching pads for this particularly insidious type of attack,” it added.

“Our research shows that critical infrastructure security is at a pivotal juncture, where threats are proliferating and evolving, but there’s also a growing collective interest and desire in protecting our most essential systems,” Yaniv Vardi, CEO of Claroty, said in a media statement. “Security leaders looking to take their programs to the next level must account for all cyber-physical systems in their risk governance practices, segmenting their IT and OT networks and assets, extending their general IT cybersecurity practices to their OT devices, and consistently monitoring for threats across all networks.”

Earlier this week, TXOne Networks released its 2021 cybersecurity report that revealed that the number of ICS-CERT advisories dramatically increased in 2021, as attackers have a more extensive arsenal to use and launch potential threats in an ICS environment.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related