A new study of Bridewell Consulting showed that The vast majority (86%) of organizations managing critical national infrastructure in the UK have experienced cyber attacks in the last 12 months. Cyber attacks affect OT (operational technology) and ICS (industrial control systems) systems.
The most worrying thing, though, is that 9 out of 10 (93%) of these organizations, admitted that at least one of attacks was successful.
The research involved 250 decision-makers from various sectors: aviation, chemicals, energy, transportation and water. The researchers found that a significant percentage of organisms use old OT systems. One third (34%) rely on systems 11-20 years, while 79% use systems 6-20 years.
However, the systems of the UK's critical infrastructure organizations are increasingly linked to the Internet, therefore the chances of attacks increase. 84% of organizations confirm that OT / ICS environments are accessible through corporate networks. In addition, only 42% of respondents stated that their OT / ICS systems are not accessible from Internet and more than half intend to make them accessible in the future.
The researchers also revealed that almost one third (32%) of these organizations have reduced cybersecurity-related budgets from the onset of the pandemic COVID-19. This budget cut has led to 85% of IT teams and experts security feel a lot of pressure to improve controls on OT / ICS systems.
Η lack of skills and increased responsibilities is another challenge described by decision makers. 84% of organizations involved in critical infrastructure believe that a lack of skills will create problems for them in the coming years.
Nevertheless, about three quarters (78%) of respondents said they have confidence in the security systems in place and that their OT systems are protected by threats in cyberspace.
Ο Scott Nicholson, Co-CEO of Bridewell Consulting said the report shows differences between what many CNI agencies believe about safety and in what is actually happening. He even said that possible vulnerabilities could have serious consequences, and these are not limited to fines. Could be endanger public safety, therefore organizations should not be complacent.
Source: Infosecurity Magazine