New research Finds That 91% Of Industrial Companies Are Open To Cyber Attacks

New research from Positive Technologies shows just how at-risk industrial companies are for cyber-attacks.

Among the key findings, an external attacker can penetrate the corporate network at 91%, and Positive Technologies penetration testers gained access to the industrial control system (ICS) networks of 75% of these companies. Positive Technologies studies revealed the most common vulnerabilities:

  • Low level of protection of the external network perimeter accessible from the Internet
  • Low level of protection against hackers penetrating the industrial network
  • Device misconfiguration
  • Flaws in network segmentation and traffic filtering
  • Dictionary passwords
  • Use of outdated software

Saumitra Das, CTO and Cofounder of Blue Hexagon had this comment:

“It is much harder to update and protect ICS software which use obscure protocols. The key is segmenting the IT and OT/ICS networks and focus on reducing the chances of someone penetrating the IT network and specially the computers on the IT side that control the OT/ICS network. This means having ways to find unknown malware with predictive technologies and investing in both EDR and NDR to reduce dwell time of attackers in IT environments. It is common for the IT and OT air gap to be compromised for convenience in such organizations so do not assume the air gap exists in a way that will thwart attackers completely. “

     “Detecting attacks on the OT/ICS side is also good but is usually very late and risky. It is like detecting ransomware that has begun to encrypt already. You want to detect and mitigate the foothold infection rather than wait for the final payload.”

If you’re in this space, you should strongly consider upping your security game so that you are not pwned by hackers.

Leave a Reply

%d bloggers like this: