A significant 98% of UK organisations experienced some form of a security incident in the last 12 months, according to a new report from Barracuda Networks (Barracuda), a trusted partner and leading provider of cloud-enabled security solutions.
The report, titled The State of Industrial Security in 2022, surveyed 800 senior IT managers, senior IT security managers and project managers responsible for Industrial Internet of Things (IIoT)/Operational Technology (OT) in their organisation to get their perspectives on IIoT/OT security projects, implementation challenges, security incidents, technology investments and a variety of issues related to cybersecurity risks.
The data revealed that web application attacks were the most common security incident for UK organisations, with 45% encountering at least one in the last 12 months. Additionally, 29% suffered from a malicious external hardware or removable media, 36% encountered a DDoS attack, 31% had remote access compromised and 29% encountered a compromised supply chain.
Nearly one in 10 (9%) UK businesses said that the worst security incident they suffered in the last 12 months had a ‘significant’ impact on their organisation and led to a complete shutdown of all devices or locations. Furthermore, 39% said their worst incident had a moderate impact, whereby a large number of devices or several locations were impacted and 50% said minimal impact was observed, where a few devices or just one location was impacted. Only 2% said no impact was experienced at all.
The downtime for these security incidents ranged from less than a day to up to four days, in the UK. The majority or organisations (42%) said that their most significant security incident impacted operation for two days.
As a result, 99% of all UK IT leaders are ‘concerned’ to at least some extent about the current threat landscape and geopolitical situation, in terms of the impact it may have on their organisation.
“In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organisations at risk,” said Tim Jefferson, SVP, Engineering for Data, Networks and Application Security, Barracuda.
“Issues such as the lack of network segmentation and the number of organisations that aren’t requiring Multi-Factor Authentication leave networks open to attack and require immediate attention.”
Organisations across the board have acknowledged the importance of investing even further in IIoT and OT security, with 96% of business leaders, globally, noting that their organisation needs to increase their investment in industrial security. A full 72% of organisations signalled that they have either already implemented or are in the process of implementing IIoT /OT security projects, but many are facing significant challenges when it comes to implementation, including basic cyber-hygiene.
Click below to share this article