Huge percentage of companies still use systems based on older variants of Windows such as Windows 7 and Windows 2000 which puts them at serious risk. This data is provided in the CyberX 2020 Global Io/ICS Risk Report, based on the information gathered from more than 1800 networks around the world from October 2018 to October 2019.
“Based on data collected in the past 12 months from 1,821 production IoT/ICS networks — across a diverse mix of industries worldwide — the analysis was performed using passive, agentless monitoring with patented deep packet inspection (DPI) and Network Traffic Analysis (NTA)”, — tell about their job CyberX specialists.
This information states that IoT/ICS environments continue to be soft targets for opponents, with security gaps in key areas such as:
1. Outdated operating systems
2. Direct internet connections
3. Remotely accessible devices
4. Unencrypted passwords
5. No automatic AV updates
6. Unseen indicators of threats
Using outdated variants of Windows pits the industrial enterprises at high risk because criminals can hack devices using loopholes, data and PoC codes, that are usually shared. Even if Microsoft releases patches for deadly loopholes, not all the companies will be able to utilise patches in industrial systems, as was in the case of Bluekeep.
In 64% of cases, enencoded passwords were utilized in enterprise networks, making it easy for hackers to grab them. “Complicating the situation is the fact that passwords are rare, and sometimes never change at all in IoT and industrial automation environments”, – say CyberX researchers. According to experts, automatic updating of application was disabled in 66% of cases.