Executives: employees are the greatest threat to critical cyber security

However, a new survey has found that as critical infrastructure organisations converge their IT, operational technology (OT), IoT and physical systems, companies believe that employees are the biggest threat to cyber security.

The independent report, “Weathering the Perfect Storm: Securing the Cyber-Physical Systems of Critical Infrastructure,” queried over 400 c-level executives from critical infrastructure organisations across North America, Europe and Asia/Pacific and found:

• 52% say employees are the biggest threat to operational security.
• Cyber incursion into IT data systems accounted for 53% of attacks in the last 12 months.
• 85% of security incursions made their way into Operational Technology networks – of those, 36% started in IT/data systems and 32% involved physical incursion into OT.
• More than half (64%) say it took a cyber or physical security breach to motivate them to move toward a more holistic approach to cyber security.
• Only a quarter believe their existing security is adequate.

“The perfect storm of increasing cyber threats, digital transformation and IT/OT convergence means organisations must move swiftly to gain visibility and enhance cybersecurity into their OT and IoT networks,” said Kim Legelis, CMO, Nozomi Networks.

Add to organisations list of concerns, the massive increase in employers and employees working from home due to coronavirus and the perfect storm has the potential to expand to huge proportions.

“It’s a board issue and an employee issue. We are encouraged that organisations recognise both the threats and the opportunities of modernising critical infrastructure. We know from working with thousands of industrial installations, that it’s possible to monitor and mitigate these risks, whether they stem from cybercriminals, nation-states or employees,” she said.

A guide to safely working from home in period of Covid-19 uncertainty

Working from home has become the norm during the coronavirus pandemic. How can employees work safely in this environment? Read here.

Other report findings include:

The integration of IT, OT and physical systems are becoming mainstream

• 88% of critical infrastructure executives surveyed have either already integrated their systems or say the integration process is underway.
• 68% say that some of their OT and/or physical systems are isolated from IT, but that the integration process is ongoing.
• One in five respondents (20%) say that all their systems are fully integrated with externally accessible systems, and even fewer (11%) say that none are.

As the threat landscape is changing, so are security postures

• Nearly 9 in 10 executives say their organisation has experienced a security incident in the previous 12 months and more than half have suffered two or more.
• 85% of security incidents involved OT – of those, 36% started in IT/data systems and 32% involved physical incursion into OT.
• Nearly half of respondents (47%) say cyber-criminals pose the biggest risk.
• But an even larger number (52%) believe former and current employees are the greatest threat.
• 70% of respondent organisations are taking steps to address the new vulnerabilities created by the integration of cyber/digital and OT/physical systems, though the specific nature of those steps varies.

Challenges and obstacles to a holistic approach to cyber security

• Nearly half of respondent organisations (49%) struggle with differences in risk tolerances between IT and OT in an environment that has traditionally associated those two areas with very different goals.
• Differences between IT and OT operating environments (43%) and cyber/IT skills requirements (40%) are the top two technical obstacles.
• 30% face employee resistance to cultural change.

Motivating change

• 32% say clear directives regarding risk tolerance or performance either from IT/OT executives or from the CEO or Board is driving change.

Martin Rudd, CTO, Telesoft Technologies, gives some examples as to how home remote working employees can be vulnerable to cyber security breaches.

“The rapid, wider move to homeworking is having two major impacts, however. One is that the volume of internet traffic has just surged – Vodafone reported that last week saw a 50% increase in usage of their network. Secondly, within this volume of business traffic, we’ve seen a huge jump in cyber-attacks taking advantage of the opportunities inherent in businesses changing rapidly. There are more, and less-secure endpoints to attack, opportunities to hide threats in the increased network traffic and cyber criminals are exploiting people’s emotional vulnerabilities through targeted phishing campaigns. ”