ABSG Consulting Inc. confirmed the findings of a new survey from SANS Institute, Threat Informed Operational Technology Defense: Securing Data vs. Enabling Physics, which showcased the sophistication of cybersecurity attackers and highlighted the risks posing organisations in the cyber landscape
The report revealed that cyber attackers have demonstrated robust understandings of operational technology and industrial control system engineering, conducting attacks to negatively impact operational and human safety.
“This research concludes that industrial control systems can no longer be ignored,” said Ian Bramson, global head of industrial cybersecurity at ABS Group.
“Organisations that take a ‘copy and paste’ approach to applying IT security tools, processes and best practices into an OT/ICS environment can expect problematic consequences.”
Attackers are setting their sights on critical infrastructure. The study shows consistent examples of threat actors going beyond data theft from IT networks and instead graduating to OT networks, interrupting day-to-day operations of critical infrastructure which gives them the ability to impact wellbeing and security.
Takeaways from the report include analyses of the critical differences between IT and OT security, the gap in perception around risks at different organisational levels, and the key threats posed to businesses.