As hackers increasingly attack operational technologies (OT), companies are not aware of the threats cyberattacks pose to their OT assets, new research found.
On top of that, end users’ security measures are usually not tailored to OT, according to the TÜV Rheinland study exploring how 370 industrial organizations protect their operational technology (OT) assets from cyberattacks.
Forty percent of respondents said they had never assessed the risks posed by cyberattacks on their operational technology, according to the study entitled “Industrial Security in 2019: A TÜV Rheinland Perspective.”
An additional 34 percent do not know whether their own company has ever investigated these risks. Moreover, only one in five companies has tailored its measures for cybersecurity to OT.
“The fact that OT cybersecurity is obviously not of high priority is worrying. Attacks from the Internet can shut down entire plants, which can result in production downtime and higher costs,” said Nigel Stanley, chief technology officer for operational technology and industrial cybersecurity at TÜV Rheinland.
In the study, the authors emphasize the complexity of OT security in a networked world. One case in point is Enterprise IT applications are constantly updated to respond to new threats. But computer controls for OT systems are not typically updated regularly.
“Whether or not an OT system is connected to the Internet, preventive cybersecurity measures based on an understanding of the OT risk are a must. This is especially important as the safety of OT systems can be undermined by cybersecurity attacks,” Stanley said.
Those responsible should think about how to protect their own production facilities from physical intrusion.
“Whoever is responsible for OT security should consider whether an intruder could insert a rogue USB stick into a system,” Stanley said. “A lot of valuable intellectual property is found in industrial plants and data theft can be just as rewarding for some hackers as disrupting the plant production line.”
Click here to register to download the full report.