This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.
BOSTON--(BUSINESS WIRE)--Oct 22, 2019--
The data illustrates that IoT/ICS networks and unmanaged devices are soft targets for adversaries, increasing the risk of costly downtime, catastrophic safety and environmental incidents, and theft of sensitive intellectual property.
Some of the top findings noted that these networks have outdated operating systems (71 percent of sites), use unencrypted passwords (64 percent) and lack automatic antivirus updates (66 percent).
Energy utilities and oil and gas firms, which are generally subject to stricter regulations, fared better than other sectors such as manufacturing, chemicals, pharmaceuticals, mining, transportation and building management systems (CCTV, HVAC, etc.).
Now in its third year, CyberX’s “Global IoT/ICS Risk Report” is based on analyzing real-world traffic from more than 1,800 production IoT/ICS networks across a range of sectors worldwide, making it a more accurate snapshot of the current state of IoT/ICS security than survey-based studies.
Including the data presented in previous reports, CyberX has now analyzed over 3,000 IoT/ICS networks worldwide using its patented M2M-aware behavioral analytics and non-invasive agentless monitoring technology.
Recommendations Focus on Prioritization and Compensating Controls The report concludes with a practical seven step process for mitigating IoT/ICS cyber risk based on recommendations developed by NIST and Idaho National Labs (INL), a global authority on critical infrastructure and ICS security.
Experts agree that organizations can’t fully prevent determined attackers from compromising their networks. As a result, they recommend prioritizing vulnerability remediation for “crown jewel” assets — critical assets whose compromise would cause a major revenue or safety impact — while implementing compensating controls such as continuous monitoring and behavioral anomaly detection (BAD) to quickly spot intruders before they can cause real damage to operations.
“Our goal is to bring board-level awareness of the risk posed by easily-exploited vulnerabilities in IoT/ICS networks and unmanaged devices — along with practical recommendations about how to reduce it,” said Omer Schneider, CyberX CEO and co-founder.
“Today’s adversaries — ranging from nation-states to cybercriminals and hacktivists — are highly motivated and capable of compromising our most critical operational systems,” said Nir Giller, CyberX GM, CTO and co-founder. “It’s now incumbent on boards and management teams to recognize the risk and ensure appropriate security and governance processes are in place across all their facilities to address it.”
Summary of Key Findings
CyberX will be presenting the results from the “Global IoT/ICS Risk Report” at the ICS Cyber Security Conference in Atlanta (October 21-24).
To access all the findings and expert recommendations, please download the full report here.
About CyberXCyberX delivers the only cybersecurity platform built by blue-team experts with a track record of defending critical national infrastructure. That difference is the foundation for the most widely deployed platform for continuously reducing IoT/ICS risk and preventing costly production outages, safety and environmental incidents, and theft of sensitive intellectual property.
Notable CyberX customers include 2 of the top 5 US energy providers; a top 5 global pharmaceutical company; a top 5 US chemical company; multiple government agencies including the US Department of Energy; as well as national electric and gas utilities across Europe and Asia-Pacific. Integration partners and MSSPs include industry leaders such as IBM Security, RSA, Splunk, ServiceNow, Toshiba, HPE/Aruba, Optiv Security, McAfee, DXC Technology, Singtel/Trustwave, and Deutsche-Telekom/T-Systems. For more information visit CyberX.io or follow @CyberX_Labs.
View source version on businesswire.com:https://www.businesswire.com/news/home/20191022005364/en/
CONTACT: Media Contact for CyberX:
KEYWORD: UNITED STATES NORTH AMERICA MASSACHUSETTS
INDUSTRY KEYWORD: DATA MANAGEMENT SECURITY TECHNOLOGY SOFTWARE NETWORKS INTERNET
Copyright Business Wire 2019.
PUB: 10/22/2019 09:00 AM/DISC: 10/22/2019 09:01 AM
Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.