Excluding the financial services industry, there were 649 breaches reported on and analyzed for the 2018 Verizon Data Breach Investigations Report (DBIR)in industries that are considered part of infrastructure verticals. These include utilities, transportation, healthcare, and others that employ operational technology (OT) systems in addition to traditional IT for their main operations.
In total, that represents 29.2% of reported breaches (not incidents). So, what exactly does that mean?
It means that just because an incident hasn't happened in your infrastructure environment, that doesn't mean it won't happen or that you can postpone or underfund your cybersecurity efforts. No, I don't believe we are facing a "Cyber Pearl Harbor." But I do believe organizations operating both IT and, particularly, OT systems need to put a more conscious effort into securing these systems not only from a security perspective but in terms of quality, safety, and reliability.
Although OT industries face a similar set of problems as traditional IT, the overall application of security programs and technologies is quite different in OT, and there is even more differentiation based on the characteristics of each vertical. That being said, there are best practices in key areas, both technical and organizational, that can help mitigate the risk to infrastructure environments, regardless of the vertical.
Read about the five best practices here.