Gartner® Report: Facing New Vulnerabilities – Cyber-Physical Systems Mandate Changes to Traditional IT Governance
Risk-based vulnerability management: A top cybersecurity priority for 2021
Cyber-physical systems are forever reshaping the cybersecurity landscape. OT/IT convergence, Internet of Things (IoT), and Industrial IoT (IIoT) have resulted in a growing list of unique vulnerabilities.
According to Gartner, “Over the last 18 months, an increasing number of vulnerabilities impacting a wide range of cyber-physical systems have been disclosed, a trend likely to continue into 2022 and beyond.”
To manage the technology, information, and resilience risks related to cyber-physical systems, recommendations in this report include:
- Focus on explaining the growing list of vulnerabilities that need to be managed, which ones are likely to be exploited, and why an updated security strategy is needed.
- Broaden the approach to vulnerability management. It is critical to evaluate the risk of fixing a vulnerability against the risk and likelihood of attack.
- Develop a contextual patch management policy. If patching is possible, test all patches and firmware before deploying.*
Did you know? In 2021, the risk-based vulnerability management security project placed among the top 10 for risk management and understanding process breakdowns for organizations. “Don’t try to patch everything; focus on vulnerabilities that are actually exploitable.”**
- The number of vulnerabilities impacting cyber-physical systems (CPS) continues to increase dramatically.
- While the volume of vulnerabilities is increasing, the quality of mitigation and remediation recommendations is uneven. Additional due diligence is needed to assess criticality, impacts, and remediation efforts.
- Due to their design, criticality, complexity, and mix of legacy brownfield systems and new greenfield deployments, CPS present a unique set of challenges when it comes to vulnerability management, and therefore warrant a change to traditional IT governance.
Download your copy, courtesy of Skybox Security, for recommendations to update your approach to vulnerability management for this emerging technology area.
* Gartner: Facing New Vulnerabilities – Cyber-Physical Systems Mandate Changes to Traditional IT Governance, Katell Thielmann, October 2021
** Gartner: Top 10 Security Projects for 2020-2021, Contributor: Kasey Panetta, February 22, 2021; URL: https://www.gartner.com/smarterwithgartner/gartner-top-security-projects-for-2020-2021
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.