IIoT security findings: more work to be done

Recently, Barracuda VP, Product Marketing, DNA Security Mike Goldgof appeared on Business Security Weekly in conversation with Cradlepoint CISO Ben Carr, Envision Technologies COO Jason Albuquerque, and CyberRisk Alliance Executive Director Matt Alderman. You can watch the video here.

The topic of discussion was the core findings of a new report—commissioned by Barracuda and prepared by Vanson Bourne—entitled “The state of industrial security in 2022.” The report is based on an in-depth survey of 800 senior IT managers, senior IT security managers, and project managers responsible for industrial internet of things (IIoT)/operational technology (OT) in their organizations, representing agriculture, biotechnology, construction, energy, government, healthcare, manufacturing, retail, telecommunications, wholesale, and other industries. Respondents were located across Europe, the US, and Australia.

Good news and bad

Mike does have some good news to share in the video. It turns out that the vast majority of respondents have some kind of IIoT/OT security project either underway or already completed. Another positive finding is that the organizations that have completed their IIoT/OT security projects are experiencing excellent results from them.

Unfortunately, many of the remaining findings that Mike shares with the panel range from disturbing to alarming. Here are just a few:

  • 94 percent of respondents suffered IIoT/OT security incidents in the past six months—leading to an average of two days of downtime.
  • Only 42 percent of respondents have any kind of segmentation between their IT and OT environments.
  • Remote access is woefully undersecured, with most respondents not even using multi-factor authentication (MFA), and only one percent using zero-trust access.

Indicators of progress

An interesting data point is that some 93 percent of respondents report having had at least one failed IIoT/OT security project—which indicates that at least they’re trying. Mike actually has a lot to say about why these projects failed, and what that tells us about how to achieve better results.

Ultimately, the recommendations coming out of this report are pretty simple and straightforward:

  • Secure remote access to IIoT/OT systems with MFA or zero-trust
  • Implement segmentation to isolate OT systems from corporate IT environments
  • Automate the process of applying security patches and updates

And above all, make sure that there is strong buy-in and commitment at the top executive levels, to ensure projects are carried through to completion.

There’s a lot more info to be gained from watching this wide-ranging 30-minute conversation. If you or your organization are facing the challenges of securing IIoT and OT systems, it’s highly recommended that you take the time to watch it through. And if you have your free copy of the report in front of you when you do, all the better.


If you'd like to connect with Mike, he's right here on LinkedIn.
