The pandemic pushed businesses out of their offices, sending employees to work from home (WFH), and opening up hacking opportunities for cyber criminals. A new report from the industrial cybersecurity company Claroty details how US IT (information technology) and OT (operational technology) security professionals see their organization’s more of a target since early March, when the US pandemic shut down industry. The security pros have also witnessed adversaries hatching new tactics as they target what they perceive as vulnerabilities.
Claroty’s report, “The Critical Convergence of IT and OT Security in a Global Crisis,” revealed that 60% of respondents believe their CISO demonstrated good leadership in the midst of a crisis, but also found that 86% said their organization’s leadership made cybersecurity a priority during the pandemic and implemented appropriate training resources for the company’s now dispersed workforce.
“This data clearly indicates that there has been an increase in cyber threats to industrial enterprises globally since the start of the pandemic, proving just how crucial it is to reduce risk by understanding the threats to OT security and improving collaboration between IT and OT teams,” said Yaniv Vardi, CEO of Claroty, in a press release.
“With the transition to remote work, many organizations have increased their focus on OT and IoT security and worked towards accelerating their IT/OT convergence. This will empower them to unlock business value and charge ahead with greater confidence even in the face of disruptions.”
Here are highlights from the report:
The survey results focused on
- The overall threat level during the COVID-19 pandemic
- The convergence of IT and OT networks
- How respondents adapted to the disruption
- Building resilience and moving forward
- Recommendations to help CISOs securely accelerate IT/OT convergence
Claroty’s cybersecurity research revealed that
- 53% of US industrial enterprises saw an increase in cybersecurity threats since the start of the COVID-19 pandemic
- More than half (51%) of respondents say their company has become more of a target to cyber criminals than it did pre-COVID-19
- 67% said they’ve seen new methods applied by cyber criminals to hack into their organization.
- Yet there are also targeted and non-targeted threats that more easily move between IT and OT, and there are security gaps between the two:
- 62% of US respondents found it more challenging to collaborate with their IT or OT counterparts during the pandemic.
- 44% believe that their OT networks are less secure than their IT networks.
IT and OT nets have accelerated convergence, because of the coronavirus pandemic, and IT/OT convergence unlocks business value in terms of
- Quality of Services
65% of US respondents say their IT and OT networks are now more interconnected, with a further 73% expecting further interconnection
How to adapt
Have a crisis plan that enables secure remote access to adapt quickly and safely
- 25% of US respondents’ said their top cybersecurity expert didn’t have a preexisting response plan
- 26% said their companies struggled with the shift to WFH
- 22% said their organization didn’t have a preexisting secure remote access solution for the workforce to securely work remotely (this doesn’t take VPN into account, because it isn’t secure enough for OT)
Prepare for the future
The enterprise is confident.
- 84% were confident their organization is cybersecurity prepared for another potential disruption
- 88% said their business updated its cybersecurity crisis response plan for the remote employees
Cybersecurity executives no longer lurk in the shadows, behind the scenes, trouble shooting like efficient gremlins; they have now been pushed into the spotlight, thanks to the pandemic and their implementation of new tech to ensure everyone in the company is secure.
- 60% believe that their CISO has shown good leadership
- 86% said their leadership made cybersecurity a priority during the pandemic
- 83% said CISOs provided proper training resources for working in a dispersed organization
Some sectors of industry are more penetrable to attack than others, and the top five industrial sectors most vulnerable to a cyber attack are
- Manufacturing (15.40%)
- Building management systems (12.80%)
- Electric utilities (12.60%)
- Pharmaceuticals (12.40%)
- Consumer goods (12%)
The independent global survey tapped 1,100 full-time IT and OT pros who own, operate or support critical infrastructure components within a big company, and explores how their concerns, experiences, and attitudes have changed since March.