A significant 98 per cent of UK organisations experienced some form of a security incident in the last 12 months, according to a new report from Barracuda Networks Inc. (Barracuda), a trusted partner and leading provider of cloud-enabled security solutions.
The report, titled The State of Industrial Security in 2022, surveyed 800 senior IT managers, senior IT security managers, and project managers responsible for industrial internet of things (IIoT)/operational technology (OT) in their organisation to get their perspectives on IIoT/OT security projects, implementation challenges, security incidents, technology investments, and a variety of issues related to cybersecurity risks.
The data revealed that web application attacks were the most common security incident for UK organisations, with 45 per cent encountering at least one in the last 12 months. Additionally, 29 per cent suffered from a malicious external hardware or removable media, 36 per cent encountered a DDoS attack, 31 per cent had remote access compromised, and 29 per cent encountered a compromised supply chain.
Nearly one in 10 (9 per cent) or UK businesses said that the worst security incident they suffered in the last 12 months had a ‘significant’ impact on their organisation, and led to a complete shutdown of all devices or locations. Furthermore, 39 per cent said their worst incident had a moderate impact, whereby a large number of devices or several locations were impacted, and 50 per cent said minimal impact was observed, where a few devices or just one location was impacted. Only two per cent said no impact was experienced at all.
The downtime for these security incidents ranged from less than a day to up to four days, in the UK. The majority or organisations (42 per cent) said that their most significant security incident impacted operation for two days.
As a result, 99 per cent of all UK IT leaders are ‘concerned’ to at least some extent about the current threat landscape and geopolitical situation, in terms of the impact it may have on their organisation.
Tim Jefferson, SVP, Engineering for Data, Networks and Application Security, Barracuda:
“In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organisations at risk,”
“Issues such as the lack of network segmentation and the number of organisations that aren’t requiring multifactor authentication leave networks open to attack and require immediate attention.”
Organisations across the board have acknowledged the importance of investing even further in IIoT and OT security, with 96 per cent of business leaders, globally, noting that their organisation needs to increase their investment in industrial security. A full 72 per cent of organisations signaled that they have either already implemented or are in the process of implementing IIoT /OT security projects, but many are facing significant challenges when it comes to implementation, including basic cyber hygiene.
Klaus Gheri, VP Network Security, Barracuda commented:
“IIoT attacks go beyond the digital realm and can have real-world implications. As attacks continue to rise across industries, taking a proactive security approach when it comes to industrial security is critical for businesses to avoid being the next victim of an attack.”
Download the full report: https://barracuda.com/iiot-2022-report
Read the blog post: http://cuda.co/51231
At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organisations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com.