>
Despite cybersecurity being a major concern for most businesses, many still don’t know if their endpoints (opens in new tab) was compromised or not. But this news may not be as bad as it sounds.
Cybersecurity researchers at Nozomi Networks found that more than a third (35%) of companies did not know if their organization had been hacked. Last year, however, the figure stood at 48%, indicating a solid improvement in visibility.
In addition, a quarter (24%) were confident they had not had an accident this year, twice as many as compared to the same time last year.
More money, fewer incidents
Overall, the number of respondents who admit to having had a data breach in the past 12 months decreased year over year from 15% to 10.5%. A third (35%) said the tech workstation was an initial infection vector (twice as much, compared to 18.4% last year).
All of these improvements appear to stem from rising cybersecurity budgets, the report’s authors suggest. Two-thirds (66%) said the security of their control system (opens in new tab) the budget has increased over the past two years (compared to 47% a year ago), with 56% saying they can find a compromise within 24 hours (versus 51%). More than two-thirds (69%) can now go from detection to containment in 6-24 hours.
Nearly nine in ten (87.5%) have audited their OT/control systems or networks for security vulnerabilities in the past year (vs. 75.9%), while a third (29%) have implemented an ongoing assessment program. Many monitor the security of their OT system (83%), with 41% of them using a dedicated OT SOC.
“Over the past year, Nozomi Networks researchers and the ICS cybersecurity community have witnessed attacks like Incontroller that went beyond traditional targets on corporate networks, but targeted OT directly,” said Andrea Carcano, co-founder and CPO of Nozomi Networks.
“As threat actors hone their ICS skills, the specialized technologies and frameworks for solid defense are available. The survey shows that more organizations are proactively using it. Still, there is work to be done. We encourage others to take steps now to minimize risk and maximize resilience,” concludes Carcano.