SecurityWeek

Organizations Faster at Detecting OT Incidents, but Response Still Lacking: Report

SANS has published its 2024 State of ICS/OT Cybersecurity report, based on a survey of over 530 critical infrastructure sector professionals.

Organizations have been getting faster at detecting incidents in industrial control system (ICS) and other operational technology (OT) environments, but incident response is still lacking, according to a new report from the SANS Institute.

SANS’s 2024 State of ICS/OT Cybersecurity report, which is based on a survey of more than 530 professionals in critical infrastructure sectors, shows that roughly 60% of respondents can detect a compromise in less than 24 hours, which is a significant improvement compared to five years ago when the same number of respondents said their compromise-to-detection time had been 2-7 days.

Ransomware attacks continue to hit OT organizations, but SANS’s survey found that there has been a decrease, with only 12% seeing ransomware over the past 12 months. 

Half of those incidents impacted either both IT and OT networks or only the OT network, and 38% of incidents impacted the reliability or safety of physical processes. 

In the case of non-ransomware cybersecurity incidents, 19% of respondents saw such incidents over the past 12 months. In nearly 46% of cases, the initial attack vector was an IT compromise that allowed access to OT systems. 

External remote services, internet-exposed devices, engineering workstations, compromised USB drives, supply chain compromise, drive-by attacks, and spearphishing were each cited in roughly 20% of cases as the initial attack vector.

While organizations are getting better at detecting attacks, responding to an incident can still be a problem for many. Only 56% of respondents said their organization has an ICS/OT-specific incident response plan, and a majority test their plan once a year.

SANS discovered that organizations that conduct incident response tests every quarter (16%) or every month (8%) also target a broader set of aspects, such as threat intelligence, standards, and consequence-driven engineering scenarios. The more frequently they conduct testing, the more confident they are in their ability to operate their ICS in manual mode, the survey found.

The survey also looked at workforce management and found that more than 50% of ICS/OT cybersecurity staff have less than five years of experience in this field, and roughly the same percentage lack ICS/OT-specific certifications.

Data collected by SANS in the past five years shows that the CISO was and remains the ‘primary owner’ of ICS/OT cybersecurity. 

The complete SANS 2024 State of ICS/OT Cybersecurity report is available in PDF format. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.