2020_risk_report

2020 Global IoT/ICS Risk Report

A data-driven analysis of IoT/ICS vulnerabilities — from insecure networks and unmanaged devices — observed in 1,800+ production networks across diverse industries worldwide

Download the report

Learn Why IoT/ICS Networks and Unmanaged Devices are Soft Targets For Adversaries

Now in its 3rd year, this data-driven analysis of real-world IoT/ICS vulnerabilities remains the only one of its kind.

Based on data collected in the past 12 months from 1,821 production IoT/ICS networks — across a diverse mix of industries worldwide — the analysis was performed using passive, agentless monitoring with patented deep packet inspection (DPI) and Network Traffic Analysis (NTA).

The data shows that IoT/ICS environments continue to be soft targets for adversaries, with security gaps in key areas such as:

  • Outdated operating systems
  • Unencrypted passwords
  • Remotely accessible devices
  • Unseen indicators of threats
  • Direct internet connections
  • No automatic AV updates

But that doesn’t mean nothing can be done. Ruthless prioritization is key. The report lays out a series of 7 practical steps for protecting your organization’s “crown jewel” assets, based on expert recommendations from NIST and INL.

Including data from previous reports, CyberX has now analyzed over 3,000 IoT/ICS networks worldwide. Unlike opinion-based surveys, this analysis is based on real-world network traffic  — making it a more accurate representation of the current state of IoT security, ICS security, SCADA security, and OT security.

Get all the findings and expert recommendations.