CyberX releases 2020 Global Internet of Things/ICS Risk Report

CyberX, the industrial network security company, recently released the 2020 Global IoT/ICS Risk Report. The report analyzes the data that CyberX passively collected from more than 1,800 production IoT/ICS networks around the world between October 2018 and October 2019.


Across all of the networks analyzed, 62% of sites were running outdated, unsupported versions of Windows such as Windows XP and Windows 2000. If Windows 7 is also included (this version will be discontinued in January 2020), the ratio increases to 71%. Running these versions of Windows poses a serious security risk: attackers can obtain vulnerability details and PoC exploits for these systems from open sources. In addition, even if Microsoft releases relevant updates for these systems, organizations will encounter obstacles when applying them.

The data shows that 22% of sites exhibited suspicious activity, and 64% of sites had unencrypted device passwords. Compared to last year, the proportion of sites with devices that were remotely accessible or exposed to the public network was significantly lower, but the proportion of sites running outdated systems and not automatically enabling security software increased.

CyberX notes that equipment in the oil, gas, and energy utilities sectors is more secure than in other sectors. This is not surprising: "Energy utilities and oil and gas firms, which are generally subject to stricter regulations, fared better than other sectors such as manufacturing, chemicals, pharmaceuticals, mining, transportation, and building management systems (CCTV, HVAC, etc.)."