Nozomi Networks, Inc.
Nozomi Networks Announces Analysis of SANS 2022 OT/ICS Cybersecurity Report Cybersecurity Risks to OT Environments Still High, Enterprises Strengthen Security Measures
Nozomi Networks Inc., a leader in OT/IoT security, today found in its SANS 2022 OT/ICS cybersecurity report that ICS cybersecurity threats remain high as attackers target control system components announced that In contrast, while organizations have significantly improved their security posture over the last year, more than a third (35%) are unaware if their organization has been compromised. Attacks on engineering workstations have doubled in the last 12 months. Nozomi Networks co-founder and CPO Andrea Carcano said:
“Last year, researchers at Nozomi Networks and the ICS cybersecurity community witnessed attacks like Incontroller targeting OT directly from traditional targets on corporate networks. While honing your defenses, there are also specialized technologies and frameworks available for a solid defense, and our survey found that more organizations are actively using them. We still have work to do, and we encourage you to take action now to minimize risk and maximize resilience.”
ICS cybersecurity risks remain high
62% of respondents rated risks to their OT environment as “high” or “serious” (down slightly from 69.8% in 2021)
Ransomware and financially motivated cybercrime topped the list of threat vectors (39.7%), followed by state-sponsored attacks (38.8%). Third is non-ransomware criminal attacks (32.1%) and fourth is hardware/software supply chain risk (30.4%).
While 10.5% of respondents said they had experienced a data breach in the last 12 months (down from 15% in 2021), 35% of them (double from 18.4% last year) had an engineering workstation. was the primary route of infection.
35% (down from 48%) were unsure if their organization had been compromised, and 24% (2x improvement year over year) were confident they hadn’t had an incident.
In general, IT compromise remains the dominant access vector (41%), followed by removable media duplication (37%).
ICS cybersecurity posture is being established
66% (up from 47% last year) said their control system security budgets have increased in the past two years.
56% (up from 51% in 2021) now detect breaches within 24 hours of an incident. A majority (69%) say they are moving from detection to suppression within 6-24 hours.
87.5% (up from 75.9% last year) have conducted an OT/control system or network security audit in the past year – one-third (29%) now have an ongoing assessment program in place.
The majority (83%) monitor the security of their OT systems, of which 41% use a dedicated OT SOC.
Organizations invest in ICS training and certification, with 83% of respondents having their control systems professionally certified. This is a significant increase from 54% over the last 12 months. Nearly 80% have roles focused on ICS operations, up from 50% in 2021. Latest trends in OT/ICS cybersecurity
Download: OT/ICS Cybersecurity in 2022 and Beyond (
https://info.nozominetworks.com/en/sans-2022-survey-ot-ics-cybersecurity-lp )
About Nozomi Networks
Nozomi Networks accelerates digital transformation by protecting the world’s critical infrastructure, industries, and governments from cyber threats. Our solutions provide superior network and asset visibility, threat detection and insight for OT/IoT environments. Customers can minimize risk and complexity while maximizing
operational resilience. www.nozominetworks.com
About SANS Institute
The SANS Institute was established in 1989 as a collaborative research and educational institution. SANS is the largest and most trusted provider of training and certification to government and private sector professionals worldwide. SANS’ renowned faculty offers over 200 live and online cybersecurity training events and over 50 different courses. GIAC, an affiliate of SANS Institute, proves the competence of its employees through 30 hands-on technical certifications in information security. The SANS Technology Institute is an independent, regionally accredited subsidiary that offers master’s degrees in cybersecurity. SANS provides a myriad of free resources to the information security community, including consensus projects, research reports, and newsletters, as well as the Internet Storm Center, the Internet’s early warning system. SANS is made up of thousands of security professionals representing a variety of global organizations, from corporations to universities, working together to support the entire information security community. www.SANS.org
Details about this release:
https://prtimes.jp/main/html/rd/p/000000009.000076986.html