30% of critical infrastructure organizations to experience severesecurity breach by 2025: Gartner

At least 30% of critical infrastructure organizations will experience a security breach by 2025, which will most likely result in the halting of an operations- or mission-critical cyber-physical system, according to Gartner.

Currently, critical infrastructure security has become a primary concern for governments across the globe, including the U.S., the U.K, EU, Canada and Australia who have individually identified specific sectors and considered them as ‘critical infrastructure’, for example, communications, transport, energy, water, healthcare and public facilities.

“Governments in many countries are now realizing their national critical infrastructure has been an undeclared battlefield for decades,” said RuggeroContu, research director at Gartner. “They are now making moves to mandate more security controls for the systems that underpin these assets.”

The reports which emerged in March showed that 38% of respondents are expected to increase spending on operational technology (OT) security between 5% and 10% in 2021, with another 8% of respondents predicting an increase of above 10%.

However, this may not be enough to counter underinvestment in this area over many years, according to Gartner.

Increased risk needs holistic security approach

The Gartner report also warned the security personnel that overlooking the security of operational technology (OT) could make critical infrastructures highly susceptible to attacks, which could potentially pose a threat to the nation as a whole. It is also being reported that by 2025, attackers will have weaponized a critical infrastructure cyber-physical system to successfully harm or kill humans.

Gartner recommends that security and risk management (SRM) leaders in critical infrastructure sectors develop a holistic approach to security, so that IT, OT and Internet of Things (IoT) security are managed in a coordinated effort.

“SRM leaders should accelerate efforts to discover, map and assess the security posture of all cyber-physical systems in their environment,” said Contu. “Invest in threat intelligence and join industry groups to stay apprised of security best practices, upcoming mandates and requests for inputs from government entities.” “SRM leaders should accelerate efforts to discover, map and assess the security posture of all cyber-physical systems in their environment,” said Contu. “Invest in threat intelligence and join industry groups to stay apprised of security best practices, upcoming mandates and requests for inputs from government entities.”