As connectivity and the industrial internet of things (IIoT) gather more strength with organizations in the critical infrastructure, cybersecurity is also continuing its growth curve, new research found.
Along those lines, while security spending is on the rise, it will continue to increase for the protection of critical infrastructures to the tune of $125 billion globally by 2023, according to a report by ABI Research.
In keeping with critical infrastructure always being watched by potential attackers, defense contractors like Lockheed Martin, BAE Systems, Harris, Northrop Grumman, industrial OEMs like Honeywell, Siemens, Airbus, Rockwell, Boeing, tech leaders like IBM, Amazon, Microsoft, Verizon, and energy companies like Shell, Total, and Exxon are big security spenders.
Three drivers pushing better digital security in sectors such as utilities, transport, and healthcare: Digital transformation and increased connectivity of operational technologies; democratization of cyber attacks targeting critical infrastructure, and a maturing market for industrial and IoT security, the report said.
“Connected OT has enabled optimization and greater efficiency for decades-old legacy systems, cutting costs and vastly improving operations for operators,” said Michela Menting, Research Director at ABI Research.
It has also introduced new vulnerabilities and opened new threat vectors to previously protected, or air-gapped, technologies.
The first specialized attacks against industrial control systems are over a decade old, and the attack tools and methods are accessible to even the most common cybercriminals. Fortunately, the cybersecurity industry has been working in parallel to address that security gap between IT and OT. As a result, security solutions for industrial control systems and IoT have been fast maturing, rendering them more widely available and affordable.
“So, while critical infrastructure operators face an expanding threat landscape, they also have greater choice and support in terms of digital protection of their OT and IT systems. Security budgets have increased significantly, which is encouraging news for those sectors which have long lagged in digital security,” Menting said.
However, these positive developments face-off against several obstacles plaguing critical infrastructures: A macro-focus slowdown by governments regarding national cybersecurity strategies, especially in the U.S., and the E.U., continued resistance to cybersecurity regulation and sectoral information sharing, and cyberthreat fatigue leading to general apathy regarding cybersecurity by the private sector.
There are plenty of operators that view cybersecurity as a check-box exercise for one-time spending rather than investing on a continuous basis.