IT leaders are underestimating the scale of cyber threats

Most IT and security leaders in critical infrastructure (CNI) organisations are underestimating the scale of cyber threats, according to Skybox Security

Skybox Security, a company that provides a cybersecurity management platform, has released the findings of its new study, revealing that 83% of organisations suffered an operational technology (OT) cybersecurity breach in the prior 36 months. 

The research also uncovered that organisations underestimate the risk of a cyberattack, with 73% of CIOs and CISOs "highly confident" their organisations will not suffer an OT breach in the next year.

"Not only do enterprises rely on OT, the public at large relies on this technology for vital services including energy and water. Unfortunately, cybercriminals are all too aware that critical infrastructure security is generally weak. As a result, threat actors believe ransomware attacks on OT are highly likely to pay off," said Skybox Security CEO and Founder Gidi Cohen. "Just as evil thrives on apathy, ransomware attacks will continue to exploit OT vulnerabilities as long as inaction persists."


False confidence and unsecure networks

The new research, ‘Operational technology cybersecurity risk significantly underestimated’, takes a look at the security issues critical infrastructures are facing, such as compromised network complexity and supply chain risk. Threat actors take advantage of these OT weaknesses in ways that don't just imperil individual companies – but threaten public health, safety, and the economy, according to Skybox Security.

73% of CIOs and CISOs are highly confident their OT security system will not be breached in the next year. Compared to only 37% of plant managers, who have more firsthand experiences with the repercussion of attacks. While some refuse to believe their OT systems are vulnerable, others say the next breach is around the corner.

Robert Lynch, Information Security Manager at Navistar, Inc.: "Some CISOs could have false confidence because even though they've already been breached, they have not identified this yet; sometimes hackers are there for a long period establishing their foothold. It is dangerous to be confident as the bad guys are so good.”


What other risks are organisations facing? 

40% of respondents said that supply chain/third-party access to the network is one of the top three highest security risks. Yet, only 46% said their organisation as a third-party access policy that applied to OT.

Complexity due to multivendor technologies is a challenge in securing their OT environment, said 78%. In addition, 39% of all respondents said that a top barrier to improving security programmes is decisions are made in individual business units with no central oversight.

34% of respondents said that cyber liability insurance is considered a sufficient solution. However, cyber liability insurance does not cover costly "lost business" that results from a ransomware attack, which is one of the top three concerns of the survey respondents.



Featured Articles

Barracuda: Why Businesses Struggle to Manage Cyber Risk

Barracuda Networks CIO report shows that six in 10 businesses struggle to manage cyber risk, with issues such as policy struggles and management buy-in

Evri, Amazon and Paypal Among Brands Most Used by Scammers

With the development of AI, cybercriminals are becoming more and more sophisticated in their attacks, using fake websites and impersonating popular brands

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Technology & AI

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Cyber Security

Speaker Lineup Announced for Tech Show London 2024

Technology & AI