The past few years have been scary for Operational Technology (OT) security. Successful attacks were constantly in the news, vulnerabilities were discovered with frightening regularity, and the actual cost of ransomware skyrocketed. Let’s look at some of the statistics that OT network managers need to remember as they begin 2024 and why they matter.
More than 90% of successful cyber attacks start with a phishing email - CISA.
Phishing, specifically spear phishing, continues to be the weapon of choice. IBM reported that 62% of phishing attempts used an attachment, 33% used a link, and 58% of phishing kits attempted to compromise passwords. Speaking of compromised passwords...
50% of IT leaders believe that passwords are too weak a security measure - Ping Identity
I could list hundreds of password statistics, but the industry consensus is that passwords are fundamentally flawed. Multifactor authentication (MFA) is growing, but passwords are still part of that process for many solutions. Speaking of compromises…
Organizations with a zero-trust approach saw average breach costs 1.76M less than organizations without - IBM.
The first step in managing security is adopting a zero-trust approach. Multiple studies show that anywhere from 40% to 90% of companies have adopted zero-trust security solutions, but simply adopting a zero-trust approach doesn’t guarantee security because of vulnerabilities. Speaking of vulnerabilities…
45% of organizations experienced one or more attacks that exploited vulnerabilities in their VPN servers - Zscaler
A quick search of the Common Vulnerabilities and Exposures (CVE) database shows over 750 available vulnerability reports. These, of course, are just the publicly disclosed vulnerabilities; some are minor issues, but some are critical and immediately expose your network to a breach. But don’t VPNs protect you from attacks or breaches? Speaking of breaches…
The average cost of a ransomware breach was 5.13M USD - IBM.
Ransomware is even more expensive than a data breach (an average cost of 4.45M) and makes up nearly one-quarter of attacks. Interestingly, the cost of a breach where the ransom was not paid was 5.17M, and where the ransom was paid, 5.06M. But the cost of ransom doesn’t capture the total cost of an attack. Speaking of recovering from an attack…
It costs companies an average of 1.82M to recover from a ransomware attack - Sophos.
Another study showed the cost of recovery from an attack is also significant. Sometimes, this cost is lost revenue due to downtime, reputational damage that causes lost business, new systems installed to prevent future attacks, or replacement of systems impacted by the hack. Another issue that is increasingly part of recovering from a hack is dealing with fines. Speaking of fines…
Compliance mandates drive 45% of security spending - Foundry.
Many organizations seek to deploy security solutions for their network that check the box and make them compliant. As this statistic shows, compliance is driving almost half of all security spending, and in some industries, that number is higher. But the real goal of any OT manager is to keep their operation running.
Statistics matter, but keeping OT networks operational matters more.
Critical infrastructure is just what its name says: critical. Here at BlastWave, we want to ensure your network doesn't become one of these statistics. Our investments in leading-edge Network Cloaking, Secure Remote Access, and Network Segmentation give OT administrators the most robust tools to prevent their network from being the next headline in the New York Times. Get a demo and try our solution today.