CLAROTY BIANNUAL ICS RISK &
VULNERABILITY REPORT: 2H 2020
About the Report
Claroty’s second Biannual ICS Risk & Vulnerability Report offers an in-depth look at all ICS flaws disclosed in the second half of 2020, shedding light on emerging trends affecting how decision makers will tactically and strategically manage risk.
This report is an important resource for CISOs, IT, and OT managers, as it represents a comprehensive examination of the latest ICS vulnerabilities, where bugs have been found and fixed, who is finding them, and what it means for industrial companies moving forward.
The report also enumerates the most widely affected vendors and critical infrastructure sectors, the emergence of new researchers and organizations uncovering vulnerabilities, and the most common CWEs among disclosed ICS security bugs.
Key data points:
- The sectors most affected by ICS vulnerability disclosures in 2H 2020 are critical manufacturing, energy, water and wastewater, and commercial facilities.
- 72% of disclosed ICS vulnerabilities are remotely exploitable.
- 47% of disclosed ICS vulnerabilities affect Levels 1 and 2 of the Purdue Model.
- 76% of disclosed ICS vulnerabilities do not require authentication for exploitation.