Asset visibility and security firm Armis has released a new report identifying the riskiest devices that threaten critical infrastructure industries.
In particular, the research focused on manufacturing, utilities and transportation firms. It concluded that the operational technology (OT) and industrial control systems (ICS) devices that present the highest risk to these industries are engineering workstations, SCADA servers, automation servers, historians and programmable logic controllers (PLCs).
Among these devices, engineering workstations received the highest number of attempted attacks in the industry over the past two months, followed by SCADA servers.
The news statistics reveal that 56% of engineering workstations have at least one unpatched critical vulnerability, and 16% are susceptible to weaponized vulnerabilities published for over 18 months.
“In an ICS environment, it’s pretty common to have vulnerable devices, so professionals need to see what assets are on their network and additional intelligence on what those devices are actually doing,” explained Armis CTO and co-founder, Nadir Izrael.
“Contextual data will enable teams to define what risk each device poses to the OT environment so that they can prioritize remediation of critical and/or weaponized vulnerabilities to quickly reduce the attack surface.”
The research also highlights the vulnerabilities of devices such as uninterruptible power supplies (UPS).
For instance, 60% of UPS devices have at least one unpatched critical vulnerability, potentially enabling criminals to cause physical damage. Additionally, 41% of PLCs have at least one unpatched critical vulnerability, posing a threat to large operations.
The study also points out that several other devices, including barcode readers, industrial-managed switches, IP cameras and printers, are at risk due to weaponized vulnerabilities published before January 2022.
According to Izrael, collaboration between OT and IT teams is crucial in addressing these vulnerabilities.
“Cross-departmental projects will help streamline process and resource management and achieve greater compliance and data security,” the executive added.
“Overall, to navigate the challenges of the new industrial era, security professionals need an IT/OT convergence security solution that shields all assets connected to the network.”
Armis will be exhibiting at Infosecurity Europe next week. Register for the event here.