In its third Biannual ICS Risk & Vulnerability Report, industrial cybersecurity company Claroty shows a 41% increase in industrial control system (ICS) vulnerabilities in the first half (1H) of 2021 over the previous six months. Claroty’s Team82 says that most ICS vulnerabilities are classified as high or critical severity, have low attack complexity, are remotely exploitable, and may result in total loss of availability.
ICS event disclosures are drastically increasing as high-profile cyber attacks on critical infrastructure and industrial enterprises have elevated ICS security to a mainstream issue.
Key Findings Include:
- 637 ICS vulnerabilities were disclosed in 1H 2021, a 41% increase from the 449 vulnerabilities disclosed in 2H 2020. 81% of those were discovered by sources external to the affected vendor
- 71% of the vulnerabilities are classified as high or critical
- 90% have low attack complexity–they do not require special conditions and an attacker can expect repeatable success
- 74% do not require privileges and 66% do not require user interaction
- 26% have either no available fix or only a partial remediation
To access the complete set of findings, in-depth analysis, and additional steps to defend against improper access and risks, download the Claroty Biannual ICS Risk & Vulnerability Report: 1H 2021.
Original Release: PR Newswire
