When it comes to ransomware attacks, the impact on OT environments is catching up to the impact on IT environments, according to Claroty.
In Claroty's previous survey conducted in 2021, 32% of ransomware attacks impacted IT only, while 27% impacted both IT and OT. Today, 21% impact IT only, while 37% impact both IT and OT - a significant 10% jump for the latter in just two years.
This trend speaks to the expanding attack surface area and risk of operational disruption that comes with IT/OT convergence.
On top of the growing operational impact of ransomware, the staggering financial impact persists.
Of the 75% of respondents whose organizations were targeted by ransomware attacks in the past year, 69% paid the ransom, and 54% of those who paid the ransom suffered financial ramifications of $100,000 USD or more.
As a likely result, demand for cyber insurance is high among respondents.
80% of organizations have cyber insurance policies and 49% have opted for policies with coverage of half a million dollars or more.
The pressure of combating increased threats as well as financial loss comes as new technologies are being integrated into OT environments.
61% of respondents are currently utilizing security tools that leverage generative AI and an alarming 47% say that it raises their security concerns.
In light of these challenges brought on by combating ransomware and integrating new technology, governments have recognized the need for industry regulations and standards, which are now driving OT security priorities and investments.
45% of respondents say that TSA Security Directives have had the most significant impact on their organization's security priorities and investments, followed by CDM DEFEND and ISA/IEC-62443.
Progress and advancements in processes and technology.
While implementing generative AI may be giving some pause, progress and advancements are being made to close gaps in processes and technology.
The pace of vulnerability disclosures and patch releases are outpacing organizations' ability to address them; as a result, organizations are exploring a variety of risk scoring methods to help prioritize.
The most popular methods are the Common Vulnerability Scoring System, used by 52% of global respondents, followed by existing security solutions' risk scores, the Exploit Prediction Scoring System, and the Known Exploited Vulnerabilities Catalog.
The top OT security initiatives that respondents plan to implement in the next year are risk assessment, followed closely by asset, change, and/or lifecycle management and vulnerability management.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 13 Dec 2023 04:13:05 +0000