book

2019 GLOBAL ICS & IIoT RISK REPORT

data-driven analysis of real-world vulnerabilities observed in more than 850 production ICS networks across all industrial sectors and 6 continents

Download the report

Learn Why Industrial Control Systems are Soft Targets for Adversaries

Now in its second year, this year’s report is based on traffic captured over the past 12 months from more than 850 production ICS and SCADA networks, across six continents and all industrial sectors including energy and utilities, manufacturing, pharmaceuticals, chemicals, and oil & gas.

The data shows that industrial control systems continue to be soft targets for adversaries, with security gaps in key areas such as plain-text passwords (69%)direct connections to the internet (40%)weak anti-virus protections (57%)and WAPs (16%).

But that doesn’t mean nothing can be done. Ruthless prioritization is key. Many problems exist, but not all of them need be solved at once. In this report, CyberX lays out a series of eight steps towards protecting your organization’s most essential assets and processes, including:

  • Continuous ICS network monitoring to immediately spot attempts to exploit unpatched systems — before attackers can do any damage
  • Automated threat modeling to prioritize mitigating highest-consequence attack vectors
  • Compensating controls such as granular segmentation

Unlike questionnaire-based surveys, CyberX’s report is based on analyzing real-world traffic  — making it a more accurate representation of the current state of ICS security, SCADA security, and OT security.

Get all the findings and expert recommendations: Download the full report.