Cybersecurity risk and vulnerability reports and solutions continue to flood my inbox. We are connecting more things, collecting ever more data, and storing sensitive manufacturing and production analyses. Inquiring minds might like to know what you know. Or, they may want to hold everything hostage. This Claroty Biannual ICS Risk and Vulnerability Report may help you convince management about the need for continual improvement in this area.
Some key findings include:
• ICS vulnerability disclosures grew 110% over the last four years demonstrating heightened awareness of this issue and the growing involvement of security researchers shifting toward OT environments.
• 34% of vulnerabilities disclosed affect IoT, IoMT, and IT assets, showing that organizations will merge OT, IT, and IoT under converged security management.
• 50% of the vulnerabilities were disclosed by third-party companies and a majority of these were discovered by researchers at cybersecurity companies.
• 87% of vulnerabilities are low complexity, meaning they don’t require special conditions and an attacker can expect repeatable success every time.
• 63% of the vulnerabilities disclosed may be exploited remotely through a network attack vector.
We are fast approaching a time when highly connected cyber-physical systems are the norm, and the lines between information technology (IT), operational technology (OT), and Internet of Things (IoT) security management are blurred beyond recognition.
This is the new paradigm of the Extended Internet of Things (XIoT), one that enhances the need for timely, useful vulnerability information in order to better inform risk decisions.
Claroty published its fourth Biannual ICS Risk & Vulnerability Report. The report was prepared by Claroty’s research arm, Team82, in effort to define and analyze the vulnerability landscape relevant to leading automation products and connected devices used across domains.
While the volume of headline-grabbing attacks dwindled in the second half of 2021 compared to the first six months, those incidents will only fuel the eventual prioritization of XIoT cybersecurity among decision makers. You’ll also see from our analysis in this report that the percentage of vulnerabilities that were disclosed in the second half of last year in connected IoT and medical devices, as well as a growing number of IT vulnerabilities, continues to climb, reaching 34%, up from 29% in 1H 2021.