Last week, the SANS Institute in collaboration with Nozomi Networks released a new report, The State of OT/ICS Cybersecurity in 2022 and Beyond, analyzing the latest trends in OT/ICS cybersecurity. The study revealed, among other findings, that more than a third of organizations don’t know whether they have been compromised and attacks on engineering workstations doubled in the last 12 months.

The report, based on a survey of 332 individuals representing organizations of all sizes across every continent, found that threats to OT/ICS systems remain high. Specifically, 62 percent of respondents rated the risk to their OT environment as high or severe. Additionally, ransomware and financially motivated attacks topped the list of threat vectors at 40 percent, followed by nation-state attacks at 39 percent. Non-ransomware criminal attacks came in third, cited by 32 percent of respondents, followed closely by hardware/software supply chain risk at 30 percent.

The number of respondents who indicated they had experienced a breach in the last 12 months dropped to 10.5 percent, down from 15 percent in 2021. And 35 percent of respondents who experienced a breach said the engineering workstation was the initial infection vector, doubling from 18.4 percent last year. Consequently, attacks using engineering workstations as an initial access vector are now the third most common vector, after IT compromises and replication through removable media. Despite the increasing threats, OT/ICS cybersecurity postures are maturing. The overwhelming majority of respondents, 83 percent, monitor their OT system security. Eighty-eight (88) percent have conducted a security audit of their OT/ICS environment in the past year. And 66 percent say their control system security budget increased over the past two years. Access the full report at Nozomi Networks or read more at SecurityWeek.