The first edition of a Rockwell Automation report finds nearly 60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time). This corroborates other industry research showing OT/ICS security incidents are increasing in volume and frequency, and are targeting critical infrastructure, such as energy producers.
“Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents,” says Mark Cristiano, commercial director of global cybersecurity services at Rockwell Automation. “Anticipating that stricter regulations and standards for reporting cybersecurity attacks will become commonplace, the market can expect to gain invaluable insights regarding the nature and severity of attacks and the defenses necessary to prevent them in the future.”
Key takeaways:
- OT/ICS cybersecurity incidents in the last three years have already exceeded the total number reported between 1991-2000.
- Threat actors are most intensely focused on the energy sector (39% of attacks), over three times more than the next most frequently attacked verticals, critical manufacturing (11%) and transportation (10%).
- Phishing remains the most popular attack technique (34%), underscoring the importance of cybersecurity tactics such as segmentation, air gapping, Zero Trust and security awareness training to mitigate risks.
- In more than half of OT/ICS incidents, Supervisory Control and Data Acquisition (SCADA) systems are targeted (53%), with Programmable Logic Controllers (PLCs) as the next-most-common target (22%).
- More than 80% of threat actors come from outside organizations, yet insiders play an unintentional role in opening the door for threat actors in approximately one-third of incidents.
- In the OT/ICS incidents studied, 60% resulted in operational disruption and 40% resulted in unauthorized access or data exposure. However, the damage of cyberattacks extends beyond the impacted enterprise, as broader supply chains were also impacted 65% of the time.
- More than 80% of the OT/ICS incidents analyzed started with an IT system compromise, attributed to increasing interconnectivity across IT and OT systems and applications.
