Industrial cyberattacks are hitting nearly all IoT companies

Racks of servers inside a data center.
(Image credit: Future)

Cyberattacks against Industrial Internet of Things (IoT) devices, as well as operational technologies (OT), are widespread, with almost no companies being immune, a new report from Barracuda Networks has claimed.

Polling 800 senior IT managers, senior IT security managers, and project managers responsible for IoT and OT in their organizations, the company says 94% of organizations confirmed suffering a security incident in the last 12 months. 

These breaches don’t come cheap, either. Almost nine in ten (87%) said the impact lasted for more than a day. 

Understanding the importance of security

One of the main reasons why IIoT and OT endpoints are such an interesting target for criminals, is the fact that securing these devices often takes a back seat, argues Tim Jefferson, SVP, Engineering for Data, Networks, and Application Security, at Barracuda. 

“In the current threat landscape, critical infrastructure is an attractive target for cybercriminals, but unfortunately IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organizations at risk,” he said. “Issues such as the lack of network segmentation and the number of organizations that aren’t requiring multifactor authentication leave networks open to attack and require immediate attention.”

But businesses understand the importance of Industrial IoT and OT security, as 96% of the respondents stated they needed to up their investment. What’s more, 72% said they already moved with additional IIoT/OT security projects. Still, they’re a long way to go from being more secure, as they’re faced with “significant challenges” in terms of implementation.

The effort will definitely be worth it, Barracuda has further found, as among those with completed IIoT and OT security projects, 75% did not experience an impact from a major incident, at all.

“IIoT attacks go beyond the digital realm and can have real-world implications,” said Klaus Gheri, VP Network Security, Barracuda. “As attacks continue to rise across industries, taking a proactive security approach when it comes to industrial security is critical for businesses to avoid being the next victim of an attack.”

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.