IIoT Security Implementation Falls Short

Critical infrastructure is under attack, and organizations across those critical sectors acknowledged the importance of investing further in industrial IoT and OT security. Proper security can help organizations with monitoring and detecting changes in devices and processes of industrial networks.

Research from Barracude Networks – in its “The State of Industrial Security in 2022” report – revealed organizations are facing challenges when implementing IIoT/OT security. Of the organizations that responded, 93% admitted to failure. Security breaches have shown to have impacts beyond monetary losses, resulting in downtime with long-lasting breach impact.

Almost all of organizations surveyed acknowledged experiencing a security incident in the last 12 months, and 87% of organizations that experienced an incident were impacted for more than one day.

The war in Ukraine is also continuing to have an impact. Almost 90% of respondents are concerned about how the geopolitical situation will affect their organizations.

"In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organizations at risk," said Tim Jefferson, senior vice president, engineering for data, networks and application security, Barracuda.

There are tools organizations can adopt to combat challenges. They include the use of secure endpoint connectivity devices and ruggedized network firewalls. These should be centrally deployed and managed via a secure cloud service. Organizations should also provide multifactor authentication and implement zero trust.

The report did reveal that MFA use is low. Only 18% of companies surveyed restrict network access and enforce multifactor authentication when it comes to remote access to OT networks. Low MFA use is prevalent even in critical industries. For example, critical verticals like energy (47%) allow full remote access without MFA for external users.

"As attacks continue to rise across industries, taking a proactive security approach when it comes to industrial security is critical for businesses to avoid being the next victim of an attack," said Klaus Gheri, vice president of network security, Barracuda.

Effective IIoT security implementations do make an impact. According to the research report, three-fourths of organizations with completed IIoT/OT security projects have experienced no impact at all from a major incident.