fbpx
Techitup Middle East
B2B TechnologyOT

SANS 2024 State of ICS/OT Cybersecurity Survey Released

SANS Institute has released the findings of its highly anticipated SANS 2024 State of ICS/OT Cybersecurity survey, revealing significant strides in securing industrial control systems (ICS) and operational technology (OT) environments. Notably, the report sounds a clear warning that while some organizations are raising the bar, many are still leaving critical systems exposed, with significant gaps between the “haves” and the “have-nots” in ICS/OT security.

The survey, presented by SANS certified instructor and survey author Jason D. Christopher, revealed that organizations using both ICS/OT cybersecurity standards and threat intelligence to guide their program are lightyears ahead of their peers in terms of maturity and capabilities. Such organizations are quicker to detect cyber events, are more likely to have mapped all external connections to the industrial environment, and typically have ICS/OT-specific security operation centers (SOCs). In comparison, organizations without such guiding principles tend to lack central governance for industrial cyber risk management and lack basic capabilities, like a dedicated incident response plan.

For the first time since its inception, the 2024 State of ICS/OT Cybersecurity also examines historical trends over the past five years with some hopeful trends outlining improved security for industrial facilities. For example, in 2019 a majority of respondents that suffered an ICS/OT cybersecurity incident took, on average, 2-7 days to detect a compromise. Five years later, over half of respondents reported the same capability took less than 24 hours—a marked improvement for critical infrastructure asset owners and operators. Similarly, basic security protections like endpoint protection and multifactor authentication for remote access saw drastic increases in their deployments since 2019.

Key Findings of the 2024 Survey Include:

  • Improved Detection Capabilities: In 2019, OT-specific monitoring was used by only 33% of respondents seeing a significant jump to 52% in 2024—highlighting the importance in visibility for these critical networks.
  • Significant Gaps in Preparation and Workforce: Only a small percentage (34%) of respondents prepare for cyber incidents using range environments with ICS/OT-specific tools. Combined with the majority (51%) of respondents protecting these systems without a relevant certification, and there’s cause for concern when examining how prepared security teams are in recovering from an industrial cyber incident.
  • Growing Adoption of Cloud Solutions: Despite concerns, cloud-based ICS/OT solutions saw a +15% increase in adoption, especially in non-regulated environments.
  • Limited AI Adoption: AI remains largely experimental, with few organizations applying it to ICS/OT due to lack of use cases and safety/reliability concerns.

These findings and more will be explored in depth during the SANS 2024 ICS/OT Cybersecurity Survey Webcast on October 9, 2024, at 10:30 AM EDT. The webcast will feature survey author Jason Christopher, along with industry experts, offering actionable recommendations and analysis on strengthening ICS/OT security strategies. Registrants will also receive a complimentary copy of the survey whitepaper.

Related posts

Dynatrace: Complexity of Technology Stacks Continues to Rise as Multicloud Adoption Accelerates  

Editor

Lola VFX Selects VAST Data for Next Gen Film & TV Visual Effects 

Editor

From QR Code to Compromise: the Growing Threat of Quishing

Editor

Leave a Comment