The cybersecurity of industrial control systems (ICS) is in an “abysmal” state, a new report from CloudSEK has warned.
The company scanned the web for vulnerable ICSs and found “hundreds” of vulnerable endpoints, the report explained. Often, these devices had weak passwords or were still configured to factory settings. In some instances, they contained unpatched and outdated software, carrying known and exploitable bugs, while the access credentials and source code for others had been leaked online.
According to the report, being able to find exploitable vulnerabilities online doesn’t mean much for powerful nation-state actors, who have the necessary resources anyway. However, “other threat actors” can benefit from this data greatly.
"While most ICSs have some level of cybersecurity measures in place, human error is one of the leading reasons due to which threat actors are still able to compromise them time and again."
For Sparsh Kulshrestha, Senior Security Analyst at CloudSEK, when assessing the state of cybersecurity today, one should not forget the Covid-19 pandemic and remote working.
"Owing to an increase in remote work and online businesses, most cybersecurity efforts have been focused on IT security," he said. "However, the recent OT attacks have been a timely reminder of why traditional industries and critical infrastructure need renewed attention, given that they form the bedrock of our societies and our economies."
- Keep your organization safe with the best business antivirus solutions right now