Gartner predicts 30% of critical infrastructure organizations will experience a security breach by 2025
According to Gartner, Inc., 30 percent of critical infrastructure businesses will experience a security compromise by 2025, resulting in the shutdown of an operations or mission critical cyber physical system.
Security of critical infrastructure has become a top priority for governments around the world, with the United States, the United Kingdom, the European Union, Canada, and Australia all identifying sectors as ‘critical infrastructure,’ such as communications, transportation, energy, water, healthcare, and public facilities. Critical infrastructure is owned and operated by the government in certain nations, but private enterprise owns and operates a far bigger amount of it in others, such as the United States.
“Governments in many countries are now realizing their national critical infrastructure has been an undeclared battlefield for decades.They are now making moves to mandate more security controls for the systems that underpin these assets,”said Ruggero Contu, research director at Gartner
According to a Gartner survey, 38 percent of respondents plan to raise spending on operational technology (OT) security by 5% to 10% in 2021, with another 8% expecting an increase of more than 10%.
According to Gartner, this may not be enough to compensate for years of underinvestment in this area.
“Besides the need to catch up, there is a growing number of increasingly sophisticated threats. Owners and operators of critical infrastructure are also struggling to prepare for the coming increased oversight,”Contu said
Increased risk necessitates further precautions. a comprehensive security strategy
Critical infrastructure technologies have become more digital and networked over the time either to enterprise IT systems or to each other posing cyber physical system security vulnerabilities. As a result, the attack surface for hackers and bad actors of all kinds has grown significantly.
Organizations in critical infrastructure sectors should be more concerned with real world threats to persons and the environment than with data theft. According to Gartner, by 2025, attackers will have successfully weaponized a critical infrastructure cyber physical system to harm or kill humans.
“SRM leaders should accelerate efforts to discover, map and assess the security posture of all cyber-physical systems in their environment. Invest in threat intelligence and join industry groups to stay apprised of security best practices, upcoming mandates and requests for inputs from government entities.”said Contu
Security and risk management (SRM) professionals in critical infrastructure sectors should adopt a holistic approach to security, according to Gartner, so that IT, OT, and Internet of Things (IoT) security are all handled in concert.