Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.

Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems

SANS's "2024 State of ICS.OT Cybersecurity report" highlights the most common types of attack vectors used against ICT/OT networks.

Jennifer Lawinski, Contributing Writer

November 6, 2024

1 Min Read
Figure 12, Initial Attack Vectors
Source: SANS

Attacks against industrial-control systems (ICS) and operational technology (OT) systems are increasing, as adversaries find weaknesses in IT networks that allow them to move into OT networks, according to a recent report from the SANS Institute.

The "State of ICS/OT Cybersecurity 2024" report is based on responses from cybersecurity professionals in various critical-infrastructure sectors. More non-ransomware incidents (74.4%) were reported than ransomware (11.7%) over the past year, according to the report.

Other initial attack vectors involved in OT/ICS incidents include compromising these systems by use of external remote services (23.7%) or Internet-accessible devices (23.7%), compromising employee workstations (20.3%) and removable media (20.3%), and a supply chain compromise (20.3%). It's worth noting that 18.6% of respondents said attackers attempted spear-phishing with an email attachment for the initial compromise.

Nearly one out of five (19%) of respondents reported one or more security incidents over the past year.

While only 12% of respondents reported being the targets of ransomware attacks in the past 12 months, the impact on the OT/ICS environment remains "potentially catastrophic," SANS said in the report. Of the organizations that reported a ransomware incident, 38% said only their IT network systems were impacted, while 28.6% said their OT/ICS networks were affected. Just 21% said both networks were impacted, and 38.1% said reliability and safety were compromised during those attacks.

"Although the overall trend [of ransomware] seems to have decreased, the impacts are still potentially catastrophic and should be considered for all ICS/OT-specific incident response programs," SANS said.

About the Author

Jennifer Lawinski

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights