Organizations are struggling to protect their operational technology (OT) and industrial internet of things (IIoT), according to a survey of senior IIoT and OT executives by Barracuda Networks. In fact, a large majority of those surveyed failed to restrict remote access and enforce multi-factor authentication (MFA).
Barracuda surveyed 800 senior executives responsible for the IIoT or OT in their organizations with more than 500 employees in the U.S., Europe, the Middle East and Africa (EMEA), and Australia.
The results showed that 94% of respondents experienced at least one security incident in the past year, while 93% have failed in their IIoT/OT security projects.
Those incidents not only brought monetary losses, but also caused significant downtime with a long-lasting impact. Eighty-seven percent of the surveyed organizations had an incident that impacted the business for more than one day.
Meanwhile, geopolitical concerns are growing. Eighty-nine percent of those surveyed are very or fairly worried about the impact of the current threat landscape and the increasingly intense geopolitical situation.
“In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organizations at risk,” Tim Jefferson, SVP of engineering for data, networks and application security at Barracuda, pointed out.
“Issues such as the lack of network segmentation and the number of organizations that aren’t requiring MFA leave networks open to attack and require immediate attention,” Jefferson added.
The research showed that only 18% of the surveyed companies enforced MFA and restricted remote access to OT networks and 47% of those in the energy sector allowed full remote access without MFA for external users.
However, in fact, almost all (96%) of those business leaders acknowledged the need to increase their investment in IIoT and OT security, and 72% of them have either already implemented or are in the process of implementing their IIoT or OT security project.
Organizations in critical verticals are leading the implementation, the research found. Fifty percent of the surveyed oil and gas companies have completed the projects, but only 24% of those in manufacturing and 17% in healthcare finished.
Barracuda researchers recommended organizations take a proactive approach to address the OT and IIoT threats. They should adopt secure endpoint connectivity devices and network firewalls that are deployed and managed by a secure cloud service and enable advanced threat protection, network segmentation, MFA, and other zero-trust strategies, researchers wrote.