June 24th: Cyberthreat Defense Report 2022 +++ OT Vulnerabilities +++ Flaws in Siemens System

Cyberthreat Defense Report 2022

Each year, CyberEdge publishes the Cyberthreat Defense Report (CDR). Aimed at IT security leaders, this comprehensive report outlines the threats, security issues, and industry concerns that are most pressing. Information summarized in the CDR is gathered through surveys conducted in 17 countries and 19 industries:

Alarmingly, more than 85% of organizations reported a successful cyberattack in the past year. For the seventh year running, malware leads the pack with 4.01 points on average. Malware is identified as a key component of ransomware, phishing, digital skimming, and similar attacks. For the third year in a row, organizations report that lack of skilled personnel as their primary challenge. While a longstanding issue, 2022 has exasperated this issue as organizations struggle to hire and retain staff. The second most noted barrier to building a robust security strategy is low awareness amongst users and employees.

If you want to dig deeper, here is our source material for you to enjoy: 
CyberEdge-2022-CDR-Report.pdf (cyber-edge.com)

56 Vulnerabilities discovered in OT Products From 10 Different Vendors

Deep-dive study unearthed security flaws that could allow remote code execution, file manipulation, and malicious firmware uploads, among other badness and has uncovered a total of 56 vulnerabilities in OT products from 10 vendors. Many of the vulnerabilities are the result of device vendors not including basic security mechanisms, such as authentication and encryption, in their technologies.

Do you want to know more? Here are our trusted sources:
OT:ICEFALL: 56 Vulnerabilities Caused by Insecure-by-Design Practices in OT – Forescout

https://www.forescout.com/resources/ot-icefall-report/

Over a Dozen Flaws in Siemens Industrial Network Management System

Team82 have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems.

For more insights on the topic, feel free to check our sources below:

https://claroty.com/2022/06/16/blog-research-securing-network-management-systems-part-3-siemens-sinec-nms/


Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.

Please remember: this article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.

And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.