iscover
ReporterShare this article on:
Powered by
MOMENTUM
MEDIA
Disclosures of vulnerabilities in industrial control systems have spiked 110 per cent over the past four years, according to new research from Claroty.
New findings from cyber security company Claroty’s Biannual ICS Risk & Vulnerability Report have revealed industrial control system (ICS) vulnerability reports more than doubled over the last four years, growing 25 per cent in the second half of 2021 alone when compared to the previous corresponding period.
The research also found that ICS vulnerabilities are expanding beyond operational technology (OT) to the Extended internet of things (XIoT), with 34 per cent of reports relating to IoT, IoMT and IT assets in 2H 2021.
Other key findings include:
The findings were drawn from data collected by Claroty’s Team82, as well as trusted open sources, including the National Vulnerability Database (NVD), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), CERT@VDE, MITRE, and industrial automation vendors Schneider Electric and Siemens.
“As more cyber-physical systems become connected, accessibility to these networks from the internet and the cloud requires defenders to have timely, useful vulnerability information to inform risk decisions,” Amir Preminger, vice-president of research at Claroty said.
“The increase in digital transformation, combined with converged ICS and IT infrastructure, enables researchers to expand their work beyond operational technology (OT), to the Extended IoT (XIoT).
“High-profile cyber incidents in 2H 2021 such as the Tardigrade malware, the Log4j vulnerability and the ransomware attack on NEW Cooperative show the fragility of these networks, stressing the need for security research community collaboration to discover and disclose new vulnerabilities.”
Be the first to hear the latest developments in the cyber industry.
