Critical manufacturing organizations must prioritize patching as high severity vulnerabilities continue to increase within the sector.
Nearly half (48%) of critical manufacturing organizations are vulnerable to a breach according to a SecurityScorecards report titled Addressing the Trust Deficit In Critical Infrastructure, published on 18 January 2023.
The report analyzed the current state of cyber resilience in the critical infrastructure sectors such as energy, chemical, healthcare, and others, as designated by the Cybersecurity and Infrastructure Security Agency (CISA).
As part of the report, the 48% of the organizations analyzed received a rating of ”C”, “D” or “F” on SecurityScorecard’s security ratings platform.
Organizations with an “A” security rating are 7.7 times less likely to sustain a breach than those with an “F” rating, Security Scorecard explained.
Speaking to Infosecurity, Aleksandr Yampolskiy, co-founder and CEO of SecurityScorecard said, ““The biggest area of improvement in ratings is patching - SecurityScorecard measurements show an increase by 38% year over year of high severity vulnerabilities that remain unpatched. Patching is an area that they should prioritize and make sure that they build repeatable capabilities to do asset classification, discover out of date versions, and then promptly fix them.”
The company also said, in 2022 alone, 76% of critical manufacturing organizations have high and medium-severity CVEs.
The ratings company also found that the sector experienced an increase in malware infections from 2021 to 2022. In 2022, 37% of critical manufacturing organizations had malware infections.
SecurityScorecard considers 10 factors when developing an organization’s security rating. Of those 10, the patching cadence ‘factor’ for critical manufacturing experienced a significant drop from 2021 to 2022, moving from 88 (B) to 76 (C).
“While investing in more technology might seem burdensome to resource-constrained critical infrastructure operators, the reality is that cybersecurity ratings technology is extremely cost-effective, especially when you consider the catastrophic cost of a breach is $9.44 million on average for US organizations,” Yampolskiy said.
SecurityScorecard recently joined the World Economic Forum (WEF) Global Innovators Community. The report was launched during the WEF’s Davos event.
According to the World Economic Forum, only 19% of cyber leaders feel confident that their organizations are cyber resilient.
In April 2022, SecurityScorecard was added to the catalog of Free Cybersecurity Services and Tools, established by CISA to enhance the cyber resilience of vulnerable and under-resourced critical infrastructure sectors.