Share this article on:
Survey results reveal resilience of industrial organizations in face of ongoing disruptions.
Released last month, Claroty’s latest Global State of Industrial Cybersecurity report offers valuable insight into what industrial cyber defenders are currently doing to combat ransomware, as well as opportunities to strengthen resilience moving forward. A joint advisory issued last week by CISA and other cybersecurity authorities in the U.S., Australia, and the U.K. identified the targeting of critical infrastructure and industrial processes as a key trend in ransomware threats from 2021.
This aligns with the survey of 1,100 IT and OT security professionals detailed in the new report from Claroty, which found that 47% of respondents had their OT/ICS environment impacted by a ransomware attack.
Among respondents who experienced a ransomware attack, 49% reported a substantial impact on operations, including 24% who said the impact lasted longer than one week.
The objective of conducting this global survey was to understand respondents’ levels of resilience to cyberattacks—despite unprecedented and unpredictable challenges—and learn about their priorities moving forward. We dug deep into ransomware and its impact on industrial organizations in the U.S., Europe, and Asia-Pacific and the results were surprisingly grim.
Here are just a few of the findings:
Ransomware is rampant and payments are prevalent
There was very little variation in responses across geographic locations. As for differences by sector and size, in industries including IT Hardware, Oil & Gas, Water & Waste, and Automotive, 90% were impacted by ransomware and 87% in Heavy Industry and Electric Energy. Not surprisingly, the larger the organization, the more likely an attack, since large enterprises are both more likely to pay and more willing to pay a large ransom. The decision to pay the ransom comes down to financial models; respondents estimate the cost of downtime far exceeds the ransom sums in most cases.
Gaps in processes and technology to mitigate ransomware risk remain
As concerning as the growing threat of industrial ransomware attacks may be, the survey results indicate that organizations are making promising steps toward effective mitigation. More than 80% of respondents report an increased budget for OT/ICS cybersecurity, confidence in security leaders continues to grow, and security professionals have support from the top. C-suite executives and board members are very involved in cybersecurity decision making and oversight. With these factors in their favor, CISOs and other security leaders at industrial companies can make swift and meaningful progress to mitigate the risk of ransomware attacks.
Detailed in greater depth in the report, the following five steps are core building blocks for building resiliency against ransomware and other cyber threats to your critical infrastructure and other industrial assets:
Devices that are not designed with security in mind introduce risk when connected to IT and OT networks.
There are many business processes and applications that need to communicate across the IT/OT boundary, so organizations need to ensure this is done in a secure way.
Ensure that cyber hygiene practices extend to OT and IoT devices. This includes the use of strong passwords, a password vault, and multi-factor authentication. However, some processes, like patching legacy systems, might be more challenging or not possible in an OT/ICS context.
Being able to monitor for threats in both IT and OT networks and anything that is traversing that boundary is imperative for effective and efficient detection and response.
Implementing the above capabilities and strengthening resilience gives security leaders and teams peace of mind. Running tabletop exercises of ransomware attacks provides a deeper understanding of organizational and technical preparedness.
For a full breakdown of the survey results and more insight into how to better secure your environment, download Claroty’s latest Global State of Industrial Cybersecurity report.