Intelligent CISO Issue 16 | Page 22

infographic P A new SANS study has explored the cybersecurity risks associated with operational technology. 22 People remain the greatest threat to industrial control systems (ICS) and associated networks, according to a new SANS survey focused on better understanding cybersecurity risks to operational technology (OT) systems. More than half of respondents also see the cyber risks to their safe and reliable operations as high or higher than in past years. A total of 348 security professionals worldwide, representing IT, OT and hybrid IT-OT domains provided their thoughts in the SANS 2019 State of O7/ICS Cybersecurity Survey. Sixty-two percent of those surveyed believe people are the greatest risk to cybersecurity compromise, trailed by technology (22%) and processes and procedures (14%). “The obvious concern about the risk that people represent – whether they are malicious insiders, careless employees or nation-state bad actors – is consistent across industries,” said Barbara Filkins, SANS Senior Analyst. “We were a little surprised at the lower-ranking concern around process, given that there is significant complexity involved in ICS design, implementation and operation to safeguard OT systems. It’s possible recent attacks that almost always include tried-and- true tactics that exploit human- factors might have impacted our respondents’ perceptions.” Doug Wylie, Director of SANS Industrials and Infrastructure Business Portfolio Survey takers told SANS that identifying connected assets and gaining visibility into device, network and control system integrity remains an issue; 45.5% consider it a leading focus for their organisations. Sixty-two percent of those surveyed believe people are the greatest risk to cybersecurity compromise, trailed by technology (22%) and processes and procedures (14%). Issue 16 | www.intelligentciso.com