This CyberWire podcast from October 23 presents findings from the CyberX 2019 ICS and IIoT Risk Report. Starts at 9:26 in the recording.
First introduced at the 2018 ICS Cybersecurity Conference, CyberX’s findings are based on traffic captured from over 850 production networks across various industrial sectors in many countries around the world. “They found that passwords in plain-text, connection of industrial systems to the internet and weak implementation of anti-virus tools continue to be common across the sectors. NotPetya, last year’s big shocker, has apparently shocked some operations into positive changes. Among those positive changes has been the decreased industrial use of Windows XP and other legacy operating systems. But still, a lot of exploitable weaknesses are still out there. CyberX says its found unpatchable Windows instances in just over half the industrial sites studied.”