SAN FRANCISCO, March 23, 2020 — A new Newsweek Vantage survey finds as critical infrastructure organizations converge their IT, OT, IoT and physical systems to improve overall performance, employees are the biggest threat to cyber and physical security.
The independent report, “Weathering the Perfect Storm: Securing the Cyber-Physical Systems of Critical Infrastructure,” queried over 400 C-level executives from critical infrastructure organizations across North America, Europe and Asia/Pacific and found:
- 52% say employees are the biggest threat to operational security
- Cyber incursion into IT data systems accounted for 53% of attacks in the last 12 months
- 85% of security incursions made their way into OT networks – of those, 36% started in IT/data systems and 32% involved physical incursion into OT
- More than half (64%) say it took a cyber or physical security breach to motivate them to move toward a more holistic approach to cyber-physical security
- A quarter believe their existing security is adequate
“The perfect storm of increasing cyber threats, digital transformation and IT/OT convergence means organizations must move swiftly to gain visibility and enhance cybersecurity into their OT and IoT networks,” said Nozomi Networks CMO Kim Legelis. “It’s a board issue and an employee issue. We are encouraged that organizations recognize both the threats and the opportunities of modernizing critical infrastructure. We know from working with thousands of industrial installations, that it’s possible to monitor and mitigate these risks, whether they stem from cybercriminals, nation-states or employees.”
Other report findings include:
The Integration of IT, OT and Physical Systems is Mainstream
- 88% of critical infrastructure executives surveyed have either already integrated their systems or say the integration process is underway
- 68% say that some of their OT and/or physical systems are isolated from IT, but that the integration process is ongoing
- One in five respondents (20%) say that all their systems are fully integrated with externally accessible systems, and even fewer (11%) say that none are
The Threat Landscape is Changing – and So Are Security Postures
- Nearly nine in 10 executives say their organization has experienced a security incident in the previous 12 months and more than half have suffered two or more
- 85% of security incidents involved OT – of those, 36% started in IT/data systems and 32% involved physical incursion into OT
- Nearly half of respondents (47%) say cybercriminals pose the biggest risk
- But an even larger number (52%) believe former and current employees are the greatest threat
- 70% of respondent organizations are taking steps to address the new vulnerabilities created by the integration of cyber/digital and OT/physical systems, though the specific nature of those steps varies
Challenges and Obstacles to a Holistic Approach to Cyber-Physical Security
- Nearly half of respondent organizations (49%) struggle with differences in risk tolerances between IT and OT in an environment that has traditionally associated those two areas with very different goals
- Differences between IT and OT operating environments (43%) and cyber/IT skills requirements (40%) are the top two technical obstacles
- 30% face employee resistance to cultural change
Motivating Change
- 32% say clear directives regarding risk tolerance or performance either from IT/OT executives or from the CEO or Board is driving change
About Nozomi Networks
Nozomi Networks protects the world’s critical infrastructure from cyber threats. Our platform uniquely combines network and endpoint visibility, threat detection, and AI-powered analysis for faster, more effective incident response. Customers rely on us to minimize risk and complexity while maximizing operational resilience. www.nozominetworks.com
Global Press Contact
Jill Backstrom
jil.backstrom@nozominetworks.com - 303.913.1650
Read the Nozomi Networks Blog - Follow Nozomi Networks on Twitter and LinkedIn