logo
ENFRع
7% of industrial organisations tackle vulnerabilities only when they occur —Study

7% of industrial organisations tackle vulnerabilities only when they occur —Study

Zawya25-06-2025
A study titled: 'Securing OT with Purpose-built Solutions' conducted by Kaspersky in collaboration with VDC Research, illuminates the shifting landscape of cybersecurity within the industrial sector.
Focusing on key industries such as energy, utilities, manufacturing and transportation, this research surveyed over 250 decision-makers to unveil vital trends and challenges faced in fortifying industrial environments against cyber threats.
A strong cybersecurity strategy begins with complete visibility into an organisation's assets, allowing leaders to understand what assets need protection and assess the highest risk areas. In environments where ICT and OT (Operational Technology) systems converge, this demands more than just a comprehensive asset inventory.
Organisations must implement a risk assessment methodology that is aligned with their operational realities – by establishing a clear asset baseline, organisations can engage in meaningful risk assessments that address both corporate risk criteria and the potential physical and cyber consequences of vulnerabilities.
Recent survey findings reveal a concerning trend: a significant number of organisations are not engaging in regular penetration testing or vulnerability assessments.
Only 27.1 per cent of respondents perform these critical evaluations on a monthly basis, while the majority—48.4 per cent—conduct assessments every few months. Alarmingly, 16.7 per cent do so only once or twice a year, and 7.4 percent address vulnerabilities solely as needed. This inconsistent approach can leave organisations vulnerable as they navigate an increasingly complex threat landscape.
Every software platform is inherently vulnerable to bugs, insecure code, and other weaknesses that malicious actors can exploit to compromise IT environments. For industrial companies, effective patch management is therefore crucial to mitigate these risks.
However, studies reveal that many organisations encounter significant challenges in this area, often struggling to allocate the necessary time to pause operations for critical updates.
Disturbingly, many organisations patch their OT systems only every few months or even longer, significantly heightening their risk exposure. Specifically, 31.4 percent apply patches monthly, while 46.9 percent do so every few months, and 12.4 percent update only once or twice a year.
These challenges in maintaining effective patch management are exacerbated in OT environments, where limited device visibility, inconsistent vendor patch availability, specialised expertise requirements and regulatory compliance add layers of complexity to the cybersecurity landscape.

Hashtags

Orange background

Try Our AI Features

Explore what Daily8 AI can do for you:

Comments

No comments yet...

Related Articles

A CISO's guide to securing XIoT in the Middle East
A CISO's guide to securing XIoT in the Middle East

Khaleej Times

time9 hours ago

  • Khaleej Times

A CISO's guide to securing XIoT in the Middle East

The rapid expansion of the Internet of Things (IoT) is reshaping the physical and digital contours of modern infrastructure. From biometric gates at international airports to infusion pumps at hospitals, from ubiquitous surveillance devices to office peripherals of a mundane kind — the networked device universe is ubiquitous and exposed. This interconnected network offers clear functional benefits. However, as more devices communicate with each other, there are more entry points for cyberattacks. The numbers are staggering. The Middle East IoT market is projected to grow from $43.99 billion to $241.65 billion by 2030, a 449 per cent increase. Saudi Arabia alone commands nearly 40 per cent of the regional market, generating $10.22 billion in revenues. Yet, as organisations embrace XIoT (extended Internet of Things), security risks escalate. The Middle East saw a 211 per cent rise in Distributed Denial of Service (DDoS) attacks in 2024, while the average cost of a cyber breach now stands at $8.75 million. Mega-breaches — those affecting 50 to 60 million records — have soared to $375 million, up $43 million from 2023. To fully benefit from the tremendous value of IoT devices, they need to be secured and managed effectively. Proper security management ensures devices are protected from cyber threats, minimising vulnerabilities that attackers exploit. This involves comprehensive visibility into device usage, regular updates to firmware, strong authentication methods, and proactive monitoring to detect and respond swiftly to security incidents. Organisations should invest in robust cybersecurity frameworks to harness IoT's full potential safely and sustainably. For the modern CISO, the mandate extends beyond protection to building a resilient cybersecurity strategy — one that ensures rapid detection, response, and recovery. In today's threat landscape, resilience isn't optional; it's a strategic necessity for business continuity and trust. 1. Know what you own: The XIoT visibility challenge You cannot protect what you cannot see. Many organisations have thousands of connected devices, yet few have a complete inventory. From smart cameras to industrial sensors, these silent operators are often neglected, leaving security gaps. S teps to take: • Catalogue every device – Identify all XIoT endpoints across departments, from IT to operational technology (OT). • Assess security measures – Check for outdated firmware, default passwords, and unpatched vulnerabilities. • Engage stakeholders – Hold cross-functional meetings with IT, OT, and physical security teams to ensure all devices are accounted for. Visibility is the foundation of security. Without a real-time asset inventory, XIoT security is a guessing game. 2. Automate security fixes: Stay ahead of the threats Manual patching is a losing battle. With multiple vendors, different operating systems, and legacy devices, keeping up with security updates is impossible without automation. What to automate: • Eliminate default logins – Many devices ship with 'admin/admin' credentials. These must be changed immediately. • Firmware updates – Some vulnerabilities, like those in Z-Wave chipsets, require urgent patching. If updates are unavailable, devices must be segmented. • Standardise security settings – Enforce encryption, secure boot, and endpoint monitoring across all connected devices. • Pro tip: Not all XIoT devices can be patched. If an update is unavailable, limit access and segment networks to reduce risk. 3. Continuous monitoring: The watchtower approach Static defences are not enough. Attackers are evolving, and so must security teams. Continuous monitoring provides real-time visibility into suspicious behaviours, unauthorised access attempts, and misconfigured devices. Best practices: • Monitor device behaviour – Use AI-driven analytics to flag unusual activity, such as an XIoT device suddenly communicating with an unknown server. • Establish incident workflows – Ensure that alerts from security operation centers (SOCs) reach the right teams in real time — whether IT, OT, or physical security. • Leverage threat intelligence – Study patterns of attempted intrusions to adjust defenses accordingly. XIoT security is not just about detection — it's about rapid response. A CISO's playbook for XIoT security Securing XIoT in the Middle East demands a dynamic, strategic approach that matches the scale and speed of the growing threat landscape. The region's digital economy is accelerating, and the volume of connected devices is rapidly multiplying. To stay ahead, CISOs must proactively identify assets, automate defences, consistently monitor threats, and swiftly enforce response frameworks. Speed and scalability are critical organisations must transition swiftly from reactive strategies to proactive, automated, and ultimately autonomous security operations. Ultimately, it is leadership, not just technology, that drives robust xIoT security. By positioning cybersecurity as a long-term strategic investment, organisations can protect infrastructure, ensure operational resilience, maintain trust, and unlock the benefits of digital transformation safely. In our increasingly connected world, proactive protection is no longer optional — it's the smarter path forward. The writer is Middle East & Africa Vice President at Phosphorus Cybersecurity.

ADGM-based Ruya Partners secures $55mln for fiber production plant in Saudi Arabia
ADGM-based Ruya Partners secures $55mln for fiber production plant in Saudi Arabia

Zawya

time12 hours ago

  • Zawya

ADGM-based Ruya Partners secures $55mln for fiber production plant in Saudi Arabia

Abu Dhabi Global Market (ADGM)based private credit fund manager Ruya Partners secured a $55 million (SAR 206 million) private credit investment to fund the development of an innovative hygiene nonwoven fiber production plant in Yanbu, Saudi Arabia. The transaction was completed as part of a consortium with a fund managed by a leading regional financial institution, according to a recent press release. This investment contributes to boosting the region's production capabilities in nonwoven materials amid the growing demand within the hygiene sector. It also supports the Kingdom's broader vision of industrial diversification and sustainable economic growth, in line with the Saudi Vision 2030. The funding will be used to back the construction of a staple fiber production facility owned by the Al Shair Group. The plant will be a raw material supplier to United Saudi Company (USC), the only dry-laid hygiene nonwoven manufacturer in Saudi Arabia and wholly owned by the Al Shair Group. Meanwhile, the facility will result in the culmination of a strategically important vertical integration of Al Shair's nonwoven operations, enabling the whole supply chain and all related value-added to be brought into Saudi Arabia. The operational phase is expected to commence within two years, with an initial production capacity of 30,000 metric tons. It is planned to expand this capacity to 50,000 metric tons during a subsequent phase of development, enhancing production efficiencies and meeting the region's growing market demand. Mirza Beg, Partner and Co-Chief Investment Officer of Ruya Partners, said: 'We firmly believe that this hygiene nonwoven fiber production plant will play a pivotal role in meeting the increasing regional demand and strengthening Saudi Arabia's position in this vital market.' Addressing the importance of this upstream integrated project, Talal Al Shair, Founder and Executive Chairman of Al Shair Group, said: 'The new facility will not only enhance local production capacity for hygiene nonwoven fibers but also support the Kingdom's strategic goal of industrial diversification, integration and support the circular economy under Vision 2030.' Omar Al Yawer, Partner and Chief Capital Formation Officer of Ruya Partners, commented: "This latest investment marks a meaningful milestone as Ruya Private Capital Fund I's fifth deployment and the fourth financing supporting Saudi Arabia's corporate growth. 'This collaboration highlights our continued commitment to providing strategic capital to transformative companies that are powering the Kingdom's economic diversification,' he added.

DOWNLOAD THE APP

Get Started Now: Download the App

Ready to dive into a world of global content with local flavor? Download Daily8 app today from your preferred app store and start exploring.
app-storeplay-store