Sapien Cyber releases study into OT environment security

Attacks on operational technology (OT) would ‘cripple’ most US businesses, according to cybersecurity leaders in Sapien Cyber study.

A cyberattack on Operational Technology (OT) has the potential to ‘cripple’ the overwhelming majority (83%) of US organisations, according to a poll of 100 enterprise security leaders commissioned by Sapien Cyber.  

The independent study conducted by research house Norstat of US cybersecurity leads, including CSOs and CIOs found that the overwhelming majority (88%) recognise that the number of cybersecurity threats facing their business is increasing every year.  

Despite 90% of respondents working within US enterprises stating that they have evaluated the threats to Operational Technology such as heating, ventilation, and air conditioning systems, less than one-in-ten (8%) say physical security such as OT environments are taken more seriously than IT networks. Just over half (57%) said that they treat physical and cybersecurity systems as equally important, and 93% stated that their building management system was a part of the organisation’s cybersecurity strategy. 

Glenn Murray, Managing Director and CEO of Sapien Cyber, says: “It is clear that any attack on critical infrastructure has the potential to cause untold disruption for many organisations. This isn’t just about taking a financial hit, but reputational risk and the potential of human fatalities as well.  

“President Biden’s meeting with Vladmir Putin earlier this year signalled how seriously attacks to critical infrastructure are taken at the very highest levels of Government.”  

Recent evidence from the Cyber Security and Infrastructure Agency (CISA) suggests that cybercriminals are increasingly targeting Operational Technology with ransomware attacks, particularly against critical infrastructure.    

The Colonial Pipeline cyberattack earlier this year demonstrated the risks involved in not protecting critical national infrastructure to the highest degree. Cybercriminals were able to successfully deploy a ransomware attack, resulting in a huge pay-out and significant disruption to gas supplies across the East Coast. This became one of the most high-profile cyberattacks where consumers saw the potential for large-scale, tangible impact on their lives, which is a sign of things to come.   

A further example was the ransomware attack against FedEx back in 2017 that targeted their TNT Express Division and ended up costing the company USD300 million. Another example was the LockBit ransomware gang’s successful cyberattack against Bangkok Airways in 2021, who threatened to release passenger information such as passport and credit card details if the ransom wasn’t paid. 

In other findings, 95% of cybersecurity leaders admitted that they could make improvements to their holistic and real-time monitoring of cyberthreats. While 64% of respondents said that the COVID-19 pandemic caused significant disruption for their cybersecurity teams. 

General James Clapper, former Director of National Intelligence (US) under the Obama administration and board member at Sapien comments: “Organisations have faced a number of challenges throughout the COVID-19 pandemic, which has left the door open for opportunistic cybercriminals to take advantage. With almost two-thirds of cybersecurity leaders suggesting they have felt major disruption to their day-to-day cyber operation, this is a major cause for concern.

“Administrations in the Western world are pushing for more stringent cybersecurity practices, and the evidence within this survey suggest more must be done to protect critical assets from immediate danger.” 

View the full report: C-Suite’s Guide to Cyber Risks.


Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security