Claroty is the cyber-physical systems (CPS) protection company, and the results of its new research on the impacts of economic uncertainty and its drivers on organisations’ ability to protect their CPS environments make for sobering reading.
The report, titled “The Global State of CPS Security 2025: Navigating Risk in an Uncertain Economic Landscape,” (download link below) is based on a global independent survey of 1,100 infosecurity, OT engineering, clinical & biomedical engineering, and facilities management & plant operations professionals.
Joining me to discuss the report, the risk to Australia’s critical infrastructure, and more, is Leon Poggioli, Regional Vice President, A/NZ at Claroty - please watch, and read on for more details of the report, where to download it, and how to register for the October 23 (Australian time).
An AI-generated short summary of the video interview, to spark your interest in watching it to learn more, is as follows: “Australia's essential critical infrastructure, from power stations to transport, faces escalating cybersecurity risks as traditional Operating Technology (OT) has evolved into interconnected Cyber-Physical Systems (CPS). Geopolitical shifts are increasing risk for nearly half of operators, and a significant confidence gap exists in securing newer CPS components like Industrial IoT and building management systems.
“To address this, organisations are overhauling their strategies—driven by regulations like the SOCI Act and abandoning the false security of the "air-gap"—to focus on asset visibility and building stakeholder engagement with OT owners. While technology aids in automating asset discovery, the true success of protection against sophisticated threats, including nation-state actors, relies primarily on establishing the right people and processes to prioritiae high-impact vulnerabilities.”
So, what else does the report highlight, where can you download it in full, and how can you register for the October webinar?
|
|
The findings revealed that nearly half (49%) of respondents report that supply chain changes caused by shifting global economic policies and geopolitical tensions around the world are creating increased cyber risk to CPS assets and processes.
Forty-five percent are also concerned about their ability to reduce risk to key CPS assets, and in their overall understanding of their risk posture. Additionally, 67% said that they are reconsidering the geography of their supply chain to mitigate risks to CPS posed by economic and geopolitical uncertainties.
A ripple effect of shifting supply chains is the escalation of risks associated with third-party remote access, as organisations re-evaluate their vendors and introduce new remote access tools into already complex and exposed CPS environments.
Forty-six percent of respondents said they’ve been breached in the last 12 months because of third-party access and 54% report they’ve discovered security gaps or weaknesses in vendor contracts post-incident. As a result, 73% of respondents said they are re-evaluating third-party remote access to CPS operations.
Respondents also highlighted regulatory changes as a source of uncertainty. Depending on the regions in which they operate, organisations may be grappling with swift de-regulation or growing momentum for more regulation. The research showed that despite successful efforts to follow established frameworks such as the NIST Cybersecurity Framework and ENISA in Europe, there are concerns over what’s to come from the regulatory environment.
Although nearly 70% of respondents said their current CPS security programs adhere to cybersecurity standards, 76% said that emerging regulations—be it government, international or industry-specific—may require their organisations to overhaul their strategies, which could cause massive disruptions to operational efficiency.
"Attackers often see times of instability as opportunities to strike. Distracted defenders are ineffective defenders. This combined with the impact of critical infrastructure on economic stability, national security, and public safety makes it a particularly attractive target." said Sean Tufts, Field Chief Technology Officer at Claroty.
“The survey results show that economic uncertainty and geopolitical tensions are making it harder for security teams to protect critical systems, compounded by third-party vulnerabilities that are further driving up risk. While the challenge is great, the opportunity for organisations to fundamentally shift how they approach their CPS security is greater.”
These findings highlight the importance of taking an impact-centric approach to risk reduction that focuses on regulatory outcomes and exposure management, with the top risk mitigation strategies being regular security audits (49%) and process improvements for providing change approvals (45%). This will enhance compliance efforts and uncover vulnerabilities particularly where there may be blind spots among third-party vendors.
Commenting on the upcoming October Cyber Security Awareness Month, Poggioli highlights why it’s imperative we broaden national discussion on security and resilience to include Australia’s critical infrastructure, stating: “With risk management reports due for operators this week, campaigns like Cyber Security Awareness Month should stress the importance of critical infrastructure to our national security, our collective responsibility to protect it and how government and industry can help bridge the IT-OT gap.”
To learn more, download the full report: The Global State of CPS Security 2025: Navigating Risk in an Uncertain Economic Landscape or register for the webinar on Wednesday, October 22, at 8 AM PT/ 11 AM ET / 3 PM GMT / 4 PM CEST.
This timezone is equates to 2am on October 23 in Australia, but I after I registered, I received a second webinar time of Tuesday October 28 at 2 to 3pm AEDT, so if you’re in this time zone when you register, you’ll clearly get that option, too.
You can also read an article that Leon wrote for Facility Perspetives Magazine, titled: "Smart Buildings, Smarter Threats: The Rising Cyber Risks Facing Building Management Systems", here.
