Security Breach: Avoiding a 'Chicken Little' Cybersecurity Strategy

Threat intelligence is important, but why manufacturers should focus on risk factors first.

When it comes to the industrial sector’s ongoing cybersecurity challenges, we all know that there's more to defend, but what is most concerning is that we’re not responding quickly enough to the expanding threat landscape. In case you needed proof, here are some of the recent stats from Dragos 2023 Year in Review Report. It found that:

  • 80 percent of industrial sector vulnerabilities reside deep within the ICS network, making them difficult to see and harder to kick out.
  • 53 percent of the advisories Dragos analyzed could cause both a loss of visibility and control.
  • Ransomware attacks against industrial organizations increased by 50 percent last year, and Dragos tracked 28 percent more ransomware groups focused on the ICS/OT environment.
  • Attacks were confirmed in 33 unique manufacturing sectors.
  • 74 percent of all vulnerability advisories had no mitigation strategy.

I’m not going to promise solutions for all of these challenges, but we’ve definitely found a guy interested in trying. Scott Sarris is an Information Security, Compliance and Privacy Solutions Advisor at Aprio, a leading advisory and business consulting firm. Watch/listen as we discuss:

  • Why OT could affectionately be known as "Old Tech".
  • The political factors impacting IT/OT divisiveness in the industrial sector, but why Scott is optimistic about the progress being made in bringing the two segments together.
  • Why cybersecurity planning and investments needs to start with assessing and prioritizing risk.
  • How slowing down can help ramp up security efforts.
  • Why dwelling or living-off-the-land attacks will escalate.

To catch up on past episodes, you can go to or You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected]

To download our latest report on industrial cybersecurity,  The Industrial Sector’s New Battlefield, click here.

More in Video