Security News > 2022 > September > There is no secure critical infrastructure without identity-based access

Critical infrastructure organizations are lagging far behind when it comes to adopting identity-based security and modernizing their systems, which often include both operational technology and information technology components.

Despite the rising threats facing critical infrastructure systems, IBM's latest Cost of a Data Breach report found that while 41% of organizations overall have implemented some level of identity-based access solutions, only 21% of critical infrastructure organizations have done so.

The IBM report cited above also reveals that ransomware and destructive attacks represented 28% of breaches amongst critical infrastructure organizations studied.

Unlike perimeter-based security that grants access based on inherited parameters, identity-based access ensures that users are explicitly verified and then continuously authorized as they seek access to various resources.

Second, organizations should then begin a phased approach of gradually adding different access points for different groups of users, based on their level of risk.

As cyberattacks against critical infrastructure continue to increase, organizations in these vulnerable environments must recognize the holes and challenges their current security models possess.

News URL

https://www.helpnetsecurity.com/2022/09/07/critical-infrastructure-identity-based-access/