The data shows major security gaps remain in key areas such as plain-text passwords, direct connections to the internet, and weak anti-virus protections. Although the prevalence of Windows XP and other legacy Windows systems has decreased year-over-year — driven top-down by management in the aftermath of NotPetya’s financial damage — CyberX is still finding unpatchable Windows systems in slightly more than half of all industrial sites.
Unlike questionnaire-based surveys, the CyberX report is based on analyzing real-world traffic from production ICS networks, making it a more accurate representation of the current state of ICS security. Now in its second year, the report is based on data captured over the past 12 months from more than 850 production ICS networks across six continents and all industrial sectors including energy and utilities, manufacturing, pharmaceuticals, chemicals, and oil and gas.
To read the full article click here.