Security News > 2024 > May > Cybersecurity analysis exposes high-risk assets in power and healthcare sectors

To understand the scope of exposure and the associated risk facing cyber-physical systems environments, Claroty's research group Team82 analyzed data from over 20 million operational technology, connected medical devices, IoT, and IT assets in CPS environments.

Researchers defined "High risk" as having a high likelihood and high impact of being exploited, based on a combination of risk factors such as end-of-life state, communication with insecure protocols, known vulnerabilities, weak or default passwords, PII or PHI data, consequence of failure, and several others.

"It's important to understand the implications of any number higher than zero when measuring the risk associated with hyper-exposed assets used to control systems like the power grid or deliver life-saving patient care," said Amir Preminger, VP of research for Claroty's Team82.

Operating from a traditional vulnerability management approach creates a severe blind spot for organizations as to their true risk posture.

The analysis shows that a combined 38% of the highest-risk OT and IoMT would be overlooked where CVSS v3.1 scores are the sole risk criteria.

"Reducing risk requires an evolution from a traditional vulnerability management program to a more focused and dynamic exposure management program that considers unique CPS asset characteristics and complexities, unique operational and environmental constraints, organizational risk tolerances, and desired outcomes of the CPS cyber risk program."

News URL

https://www.helpnetsecurity.com/2024/05/15/cps-assets-vulnerability-management-approaches/