At least 33 percent of the security issues found in industrial control systems (ICS) are rated as being of high or critical risk. FireEye iSIGHT Intelligence compiled data from dozens of ICS security health assessment engagements performed by its Mandiant division, and found that these issues include unpatched vulnerabilities (32 percent); password issues (25 percent); and problems with architecture and network segmentation (11 percent).
In other words, ICS environments riddled with basic security snafus, meaning that the main security risks are eminently avoidable using best practices. However, these organizations have unique challenges that have contributed to their poor security posture.
Read more about the disturbing findings of the new research on Threatpost.