The State of Global Operational Technology 2022 – part 1
SCADAfence, the OT & IoT cybersecurity technology consultancy, conducted a survey on the current state of OT security, the negative consequence of the shortage of qualified workforce in the field, and the general level of risk organisations are currently facing.
In 2022 SCADAfence surveyed over 3500 OT and IT security experts all around the world. Most of them came from North America – 39%, followed by Europe with 26%, South America – with 18%, and 10% from Asia.
The surveyors divided their questions into three main categories
OT Security Risk
With the advance in digitisation, networks and interconnectedness of things, industrial OT systems are becoming a part of the global information network. This caries with itself both advantages – the ability to remotely access and control industrial processes – and disadvantages – it increases the exposure of these systems to security vulnerabilities that need to be addressed. This requires an all-encompassing security strategy covering an exhaustive audit of the enterprise’s OT environment, inclusive of policies, procedures, technologies, and best practices.
Q1 – What is your organisation’s perception as to the level of OT security risks to your company’s overall risk profile?
55% of respondents were of the view that the OT security risk level was high for the company’s overall risk profile.
21% believed it was severe.
20% considered moderate.
With 4% remaining unknown.
Q2 – What elements do you consider to be at the greatest risk for compromise to your OT/control systems
The ‘Human Factor’ comes on top of various cybersecurity surveys trying to establish what is the main reason for security breaches. It shall come as no surprise that this survey returned the same result.
79% of respondents considered a human error to be the greatest risk for compromise to OT systems.
Systems can be compromised by unauthorised or incorrectly configured software or hardware – such as a remote unsecured access point to an OT network installed by a maintenance engineer without permission or notification to the network system administrator about the existence of such gateway.
Only 11% thought it was technology that posed the greatest risk whereas 10% pointed to processes.
Q3 – What is the biggest challenge for managing OT risks?
42% of OT security professionals thought lack of visibility to be the biggest challenge for managing OT risks.
Effective OT/ICS security starts with asset visibility. Most OT networks lack a proper asset inventory map making it impossible for adequate monitoring of the system and possible detection of cyber incidents in an efficient way.
36% pointed to the disconnection between OT & IT as the biggest challenge in this category.
Whereas 22% blamed lack of skills for such a state of affairs.