Ransomware: ICS and OT affected almost as often as IT systems

Ransomware is also increasingly becoming a problem for industrial systems and critical infrastructure: 80 percent of KRITIS operators and companies that make a significant contribution to critical infrastructure fell victim to a ransomware attack last year.


This is the conclusion of the study “The Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption” initiated by the specialist for the security of cyber-physical systems (CPS) in industrial, healthcare and enterprise environments Claroty in times of disruption), for which a total of 1,100 security specialists were surveyed. While these attacks hit IT systems much more frequently around the world (32.4%) and operating technology (OT) and industrial control systems (ICS) (20.3%) much less frequently (20.3%), the difference in Europe is much smaller: Here affected 27 percent of ransomware attacks exclusively the IT systems and 23 percent exclusively OT/ICS systems. In almost a quarter (23.3%) both areas were disrupted (worldwide: 27.1%). Overall, almost every second attack also affects the OT/ICS.


More than 90 percent of the companies attacked informed their shareholders and/or authorities about the incident and reported that in almost half of the cases (49%) the impact was significant or significant. The financial impact of a ransomware attack is also significant: just over half (50.3%) of those surveyed estimated that a business interruption as a result of an attack would cost them between USD 100,000 and USD 1,000,000 in sales per hour. This may also explain the relatively high willingness to accept the ransom demands. Worldwide, 62.1 percent of companies paid, in the USA as much as 76.4 percent, but only 46.8 percent in Europe. In most cases, the ransom was between US$100,000 and US$500,000 (32.1%) and between US$500,000 and US$1,000,000 (30.5%).





digital transformation


The digital transformation has also accelerated in the area of ​​critical infrastructure since the beginning of the corona pandemic: Most clearly in the Asia-Pacific region (for 90.4% of those surveyed), least in Europe (for 82.3% of companies). The trend towards remote work will continue: 73 percent of companies worldwide want to continue to work remotely to a certain extent in the foreseeable future, in Europe even 80 percent.


As a result of the increasing threat landscape, cyber security is becoming an increasing priority for companies. Accordingly, they are increasing their cybersecurity investments and implementing new solutions and processes. The management is involved more and more often, in every second company (52.4%) even to a large extent. Responsibility for secure operation is usually the responsibility of the CISO: OT and IT governance are bundled here in 60 percent of companies. The COO or operations manager is also responsible for the cyber security of the facility in only 25.6 percent of the companies.


“Our study shows that critical infrastructure security is at a critical juncture, with threats increasing and evolving. At the same time, however, there is a growing collective awareness and desire to protect our most critical systems,” said Yaniv Vardi, CEO of Claroty. “Security leaders who want to take their programs to the next level must include all cyber-physical systems in their risk governance practices, segment their IT and OT networks and assets, extend their overall IT cybersecurity practices to their OT devices, and consistently monitor all networks for threats.”


www.claroty.com