ICS & OT Cybersecurity Attack Trends
Trend Micro also found that enterprises suffered multiple attacks and disruptions over a 12-month period. 72% of respondents reported experiencing at least six ICS/OT disruptions due to cyberattacks.
Despite multiple disruptions—and the consequences of such—Trend Micro found that less than half of organizations (48%) take actions to reduce future risks.
Maturity of cybersecurity implementation
Enterprises may be struggling to fend off multiple attacks due to the maturity of their cybersecurity program. Trend Micro used the NIST Cybersecurity Framework (CSF) to measure respondents’ cybersecurity maturity level across IT and OT for each of the five framework functions (identify, protect, detect, respond, recover).
Ideally, an enterprise’s cybersecurity program should fit into Tier 4 of the NIST Implementation Tiers, wherein businesses utilize advanced adaptive cybersecurity techniques that analyze behaviors/events to help proactively protect against or adapt to threats.
However, Trend Micro found that for IT security, 40% of respondents are in Tier 2 (risks are informed in each function) and 25% in Tier 1 (partial security processes in place). In comparison, the maturity of OT security is drastically lower, with the largest share (33%) of respondents in Tier 1.
With this compounded by a cybersecurity skills shortage of 2.7 million jobs, it’s understandable that many organizations are being repeatedly exploited.
Drivers to strengthen ICS/OT cybersecurity
Unsurprisingly, Trend Micro found that preventing the recurrence of incidents was the #1 reason respondents wanted to strengthen their cybersecurity. The report also found that up until the survey was conducted, requests by a business partner/client/customer and the implementation of the cloud were the next top reasons to strengthen cybersecurity controls for ICS/OT. However, when polled about motivations for the next three years, the second and third drivers for change were different.
The consensus across the three industries was that the adoption of new technologies like private 5G and the cloud, coupled with the need to comply with industry regulations to mitigate risks, would be the major driving forces behind enhancing their cybersecurity.
Reducing industrial cybersecurity risk
Considering that the OT side of industrial environments reported a significantly lower cybersecurity maturity level than ICS, the implementation of new and necessary technologies could cause further issues. Not only do security teams need to be further educated in best security practices for these emerging technologies, but the digital attack surface is expanding too.
It’s evident that CISOs and security leaders need a security solution that provides holistic, comprehensive visibility across their entire attack surface and enables more proactive protection and analysis to reduce cyber risk.
A cybersecurity platform like Trend Micro One that supports integration with ICS/OT specific tools as well as XDR can help raise situational awareness across this complex environment by correlating threat intelligence and deep activity data from endpoints, devices, users, cloud, networks, and more.
Leveraging a unified cybersecurity platform with IT-, OT-, and CT-centric solutions, XDR, and professional services delivers security coverage across levels 1 through 5 of the Purdue Enterprise Reference Architecture (PERA). This structural model, now commonly referred to as the Purdue model, helps to organize ICS/OT systems and technologies based on purpose.