Most critical services companies are struggling to secure their industrial internet of things (IIoT)/operational technology (OT) systems and acknowledge the need to invest more heavily in these areas, said a report from security company Barracuda Networks this week.
The firm surveyed 800 senior IT managers, senior IT security managers, and project managers responsible for IIoT/IoT security projects from a range of industries, including agriculture, biotechnology, construction, energy, government, healthcare and manufacturing.
The impetus for IIoT security is increasing as governments warn about threats against critical infrastructure from Russia. Companies are especially concerned about this current geopolitical situation, with 89% citing it as a factor.
Against this backdrop, 96% of respondents acknowledged the need to invest further in IIoT and OT security.
Barracuda’s State of Industrial Security 2022 report found that companies are running into problems when implementing IIoT/OT security projects, with 93% admitting failure. The biggest cause of failure was that technology took too long to implement, while expense was the second. Almost four in 10 companies also reported that no one in the organization had taken responsibility for the project.
The high failure rate doesn’t mean that these companies failed entirely at IIoT security, as there are often multiple such security projects in a single company. Overall, just under a third of companies had already implemented some IIoT/OT security projects, while 40% are currently completing at least one.
“The good news is attempts are being made and learned from to improve IoT/OT security,” commented Bud Broomhead, CEO at Viakoo. “Even if failed, projects help to show where an organization’s IoT/OT security barriers exist.”
More generally, 94% of organizations had experienced a security incident in the last 12 months. Almost nine in 10 of those that suffered an incident saw their operations affected for more than a day, while 23% were impacted for at least three days.
Web applications were the highest attack vector, at 42%, followed by the use of malicious external hardware or removable media like USB sticks, which affected 38% of respondents.