Third-Party Risk Intensifies Regulatory Uncertainty in OT Security

Recent findings indicate that third-party risks present significant cybersecurity challenges for critical infrastructure providers, potentially leading to new regulatory measures aimed at enhancing the security of cyber-physical systems.

Related Insight: OnDemand | Secure Your Vendor’s Access from Attacks on Third-party Vulnerabilities

A global survey conducted by Claroty reveals a concerning trend: even as 69% of cybersecurity professionals claim to adhere to established standards, a notable 76% anticipate that forthcoming regulations will necessitate a complete overhaul of their existing security frameworks.

Sean Tufts, Claroty’s Field CTO, remarked on this paradox, stating, “On one hand, professionals believe they are meeting current regulations through best practices; on the other hand, they acknowledge the need for substantial changes, indicating confusion about future regulatory impacts.”

The survey, which involved 1,100 cybersecurity professionals, highlights that nearly 50% of organizations managing cyber-physical systems reported breaches in the last year attributable to third-party access. Additionally, 54% uncovered contractual weaknesses or security vulnerabilities post-incident.

In a recent video interview with Information Security Media Group, Tufts elaborated on related topics, including the geopolitical factors disrupting supply chains, the implications of increased regulation on security protocols, and securing essential systems such as programmable logic controllers and distributed control systems.

Tufts boasts 20 years of experience in industrial cybersecurity, having excelled in strategic leadership roles at GE and Optiv. His expertise is instrumental in guiding asset-intensive industries through the complexities of operational technology (OT), information technology (IT), and cybersecurity risk management, ensuring that Claroty’s platform consistently yields meaningful results.