Over the past few years, we’ve all been hearing more about ransomware attacks (where a ransom is required to regain control of your data and systems) and manipulation of industrial control systems (ICS). Now, a recent study shows that these incidents may be more common than you think.
|Industrial cybersecurity lessons from the Colonial Pipeline breach.|
Claroty, a supplier of industrial cybersecurity software, conducted a survey of more than 1,000 information technology (IT) and operations technology (OT) security professionals across the United States, Europe, and Asia-Pacific. According to Claroty, more than half (55%) of the organizations surveyed report at least $1B in revenue in industries such as IT hardware, oil and gas, consumer products, electric energy, pharmaceutical/life sciences/medical devices, and automotive.
Results of the study show that ransomware attacks targeting industrial organizations has reached new heights. On a global basis, 80% of respondents experienced an attack, and 47% said it impacted the operations technology/ICS environment. More than 90% of organizations that were attacked reported the impact was substantial or significant in almost half (49%) of the cases.
|Listen to this podcast about how to determine an appropriate level of cybersecurity for your operations.|
Responses to the survey also suggest that the ransomware tactic has been very effective for hackers, as 62% of impacted companies report having paid the ransom to regain control of their systems. And 45% of respondents said the ransom was in the $500,000 to $5,000,000 range, with 48% noting the ransom was below $500,000. Nearly 7% indicate the ransom was in excess of $5,000,000.
Of note, 41% of respondents said paying a ransom should be legal if authorities are notified, 28% said it should be legal with no requirement to report, and 21% said ransomware payments should be illegal.
To access the full report from Claroty, visit: https://security.claroty.com/report/global-state-industrial-cybersecurity-survey-2021. There is no charge to access the report, but it does require inputting your name, company, and contact information.
|Read this story about securing remote access into your plant.|