Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


Survey Shows Staff Bigger Threat To Cyber And Physical Security Than Cyber Criminals

AUCKLAND, March 24, 2020 — A new Newsweek Vantage survey finds as critical infrastructure organisations converge their IT, operational technology (OT), internet of things (IoT) and physical systems to improve overall performance, employees are the biggest threat to cyber and physical security.

The independent report, “Weathering the Perfect Storm: Securing the Cyber-Physical Systems of Critical Infrastructure,” queried over 400 C-level executives from critical infrastructure organisations across North America, Europe and Asia Pacific and found:

  • 52% say employees are the biggest threat to operational security
  • Cyber incursion into IT data systems accounted for 53% of attacks in the last 12 months
  • 85% of security incursions made their way into OT networks – of those, 36% started in IT/data systems and 32% involved physical incursion into OT
  • More than half (64%) say it took a cyber or physical security breach to motivate them to move toward a more holistic approach to cyber-physical security
  • A quarter believe their existing security is adequate

“The perfect storm of increasing cyber threats, digital transformation and IT/OT convergence means organisations must move swiftly to gain visibility and enhance cybersecurity into their OT and IoT networks,” said Nozomi Networks CMO Kim Legelis. “It’s a board issue and an employee issue. We are encouraged that organisations recognise both the threats and the opportunities of modernising critical infrastructure. We know from working with thousands of industrial installations, that it’s possible to monitor and mitigate these risks, whether they stem from cybercriminals, nation-states or employees.”

Other report findings include:

The Integration of IT, OT and Physical Systems is Mainstream

  • 88% of critical infrastructure executives surveyed have either already integrated their systems or say the integration process is underway
  • 68% say that some of their OT and/or physical systems are isolated from IT, but that the integration process is ongoing
  • One in five respondents (20%) say that all their systems are fully integrated with externally accessible systems, and even fewer (11%) say that none are

The Threat Landscape is Changing – and So Are Security Postures

  • Nearly nine in 10 executives say their organisation has experienced a security incident in the previous 12 months and more than half have suffered two or more
  • 85% of security incidents involved OT – of those, 36% started in IT/data systems and 32% involved physical incursion into OT
  • Nearly half of respondents (47%) say cyber-criminals pose the biggest risk
  • But an even larger number (52%) believe former and current employees are the greatest threat
  • 70% of respondent organisations are taking steps to address the new vulnerabilities created by the integration of cyber/digital and OT/physical systems, though the specific nature of those steps varies

Challenges and Obstacles to a Holistic Approach to Cyber-Physical Security

  • Nearly half of respondent organisations (49%) struggle with differences in risk tolerances between IT and OT in an environment that has traditionally associated those two areas with very different goals
  • Differences between IT and OT operating environments (43%) and cyber/IT skills requirements (40%) are the top two technical obstacles
  • 30% face employee resistance to cultural change

Motivating Change

  • 32% say clear directives regarding risk tolerance or performance either from IT/OT executives or from the CEO or Board is driving change

The survey, conducted by Newsweek Vantage in partnership with Nozomi Networks, Siemens and Yubico with guidance from the International Society of Automation (ISA), can be found here:

© Scoop Media

Business Headlines | Sci-Tech Headlines


Reserve Bank: RBNZ To Implement $30bn Large Scale Asset Purchase Programme Of NZ Govt Bonds

The Monetary Policy Committee (MPC) has decided to implement a Large Scale Asset Purchase programme (LSAP) of New Zealand government bonds. The negative economic implications of the coronavirus outbreak have continued to intensify. The Committee ... More>>


Elevate NZ: Venture Fund To Lift Productivity

The Government’s new $300 million venture capital fund - announced in last year’s Budget – is now open for business as the Elevate NZ Venture Fund. Finance Minister Grant Robertson says lifting New Zealand's productivity requires well-functioning ... More>>


COVID-19: Case Confirmed In NZ – Expert Reaction

After spreading across the globe for months, the first case of COVID-19 has been reported in New Zealand. The Ministry of Health says the risk of a community outbreak is low, due to their preparedness and the high awareness of the disease. The Science ... More>>


Agriculture: New Legislation To Boost Organics

New organics legislation will boost consumer confidence and help grow an innovative sector, says Food Safety Minister Damien O’Connor. “The Organics Product Bill, introduced to Parliament this week, aims to increase consumer confidence when purchasing ... More>>


Biodiversity Policy: Misinformation Circulating

Forest & Bird is concerned at misinformation circulating regarding a policy statement aimed at protecting New Zealand’s unique biodiversity. The National Policy Statement for Indigenous Biodiversity is being consulted on by the ... More>>