Security News > 2022 > September > There is no secure critical infrastructure without identity-based access
Critical infrastructure organizations are lagging far behind when it comes to adopting identity-based security and modernizing their systems, which often include both operational technology and information technology components.
Despite the rising threats facing critical infrastructure systems, IBM's latest Cost of a Data Breach report found that while 41% of organizations overall have implemented some level of identity-based access solutions, only 21% of critical infrastructure organizations have done so.
The IBM report cited above also reveals that ransomware and destructive attacks represented 28% of breaches amongst critical infrastructure organizations studied.
Unlike perimeter-based security that grants access based on inherited parameters, identity-based access ensures that users are explicitly verified and then continuously authorized as they seek access to various resources.
Second, organizations should then begin a phased approach of gradually adding different access points for different groups of users, based on their level of risk.
As cyberattacks against critical infrastructure continue to increase, organizations in these vulnerable environments must recognize the holes and challenges their current security models possess.
News URL
https://www.helpnetsecurity.com/2022/09/07/critical-infrastructure-identity-based-access/
Related news
- SOCI Act 2024: Thales Report Reveals Critical Infrastructure Breaches in Australia (source)
- Food security: Accelerating national protections around critical infrastructure (source)
- SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- Despite Russia warnings, Western critical infrastructure remains unprepared (source)