The latest report from Ponemon and Siemens, entitled Are Utilities Keeping Up with the Industrial Cyber Threat?, discusses the current operational readiness of global utilities. According to the report, over half (56%) of global utilities report at least one attack involving a loss of private information or an outage in the operational technology (OT) environment within the past 12 months.
So, how do these attacks impact utility organizations?
According to the report, the greater concern is on the impact to OT (which is considered as being behind in its security stance) than information technology, with 60% of utility organizations feeling that cyberattacks can cause damage to equipment and causes risk to employees and contractors. Additionally, 30% of attacks on OT are not detected, increasing the risk to the organization significantly.
Even more concerning is the lack of readiness uncovered in this report:
According to the report, “the industry overall is investing more resources into technology and compliance than into training or personnel” and cites the lack of investment into training as one of the “blindspots contributing to a lack of readiness.”
Because of the less-secure nature of OT systems, personnel administering and using them should undergo continual Security Awareness Training to balance out the security equation through the creation of a more security-centric culture and to create an entire workforce of users that are far-more ready for cyberattack.