Uh oh, there’s IT in my OT: Security firm Barracuda’s recently released 2022 State of Industrial Security report found that 94% of 800 senior IT, security, and project managers responsible for safeguarding industrial IoT or operational technology at their organization have faced at least one security incident within the last 12 months. Among respondents who work in government—a sector that might be an especially attractive target for well-organized and sometimes state-backed cybercriminals—as well as in mining and metals and oil and gas, that figure rose to 100%.

Just 13% of respondents said that operations were impacted for less than one day; 65% reported impacts lasting for two days or more.

Preventative measures help, but are hard to pull off: Many companies are failing to take basic security precautions when it comes to operational technology, according to the survey: Just 18% restrict network access as well as require multi-factor authentication for remote connections. Some other takeaways:

• Of those who reported no impact from their biggest security incident over the last 12 months, 75% said they had already completed some industrial IoT/OT security projects.
• Of those who experienced a significant impact, just 30% reported already having completed those projects.

Over 9 in 10 managers reported failures in security on their industrial IoT, with the top two explanations being that the project either took too long or cost too much to implement. Respondents also reported scalability, the actual level of security provided, lack of control over external devices joining the network, and the difficulties of managing a distributed environment as the most common challenges they had faced or expected to face from implementation. While around half of respondents said their organizations had implemented some form of segmentation, just 6% reached the highest and most complicated level of security—micro-segmentation, which isolates machines on separate network segments.

Tim Jefferson, Barracuda’s SVP for data protection, network, and application security, told CSO Online, “Unfortunately, IIoT/OT security projects often take a backseat to other security initiatives or fail due to cost or complexity, leaving organizations at risk.”

Read more here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @thetomzone on Twitter. Want to go encrypted? Ask Tom for his Signal.

When it’s contract time, Protiviti’s global security and privacy segment leader Terry Jost appreciates how one technology option—the virtual desktop—lessens the legal parsing.

Virtual desktop infrastructure (VDI) has a way of simplifying the data processing agreement, said Jost, managing director at the global consulting firm, who tells his clients, “We’ll…have access to your data, but there’ll be no transmission of that data off of your systems.”

While virtual desktops have existed in some form for the last 20+ years, the technology offers security and provisioning advantages for a workforce increasingly working from, well, anywhere, according to industry professionals who spoke with IT Brew.

What is a virtual desktop?

A virtual desktop provides an operating system to a user while keeping the data on a server and not the device. What’s sent across the network is not, say, an Excel spreadsheet, but a desktop image of an Excel spreadsheet—one that can be encrypted. Think of it as a livestream of a remote-controlled computer.

“[For] security, it’s a no-brainer. Having virtual desktops is much more secure than letting people manage desktops that have software,” said Jerald Murphy, SVP of research and consulting at Nemertes.

Data on the replica laptop resides in a central location, not on many individual devices that may need to be patched and updated.

“I would much rather do centralized management than distributed management. That’s a win overall,” said Adam Lotz, director of product marketing at Citrix.

VM, where?

Desktop virtualization options, including VMware Horizon, Amazon Workspace, and Citrix Virtual Apps and Desktop, began to appeal to some companies as the pandemic struck and employees went home.

Usage of Windows Virtual Desktop tripled during the third quarter of 2020, and Gartner, shortly after, predicted desktop as a service (DaaS) users to increase by over 150% between 2020 and 2023.

Read the rest here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.

Today’s top IT reads.

Stat: $3.7 billion. That’s the final price tag paid by Sony to acquire game development studio Bungie, maker of the first-person shooter series Destiny, for PlayStation. (Fanbyte)

Quote: “You alone are responsible for making complete and accurate declarations in your app’s store listing on Google Play.”—a statement from Google addressing developers, explaining the Play store’s new Data Safety section (Ars Technica)

Read: Remember the huge clamor by fans to rerelease the “Snyder cut” of the 2017 flop that was Justice League? Turns out, fake accounts were partially fueling the fervor. (Rolling Stone)

IT’ll cost ya: But with Electric’s free IT-cost calculator, you can get an estimate of the time and money your biz spends on IT-related tasks. Not crazy about your result? Electric can save you 50% on IT costs with their lightning-fast support. Calculate here.*

^{*This is sponsored advertising content.}

You know your role is critical to your organization, but do you know exactly how it contributes to the bottom line? Do you know how to evaluate your equity, hire a team or operate a business and communicate in the right way

Morning Brew designed three different Accelerators to tackle these important topics for top performers. Learn what you need to know now to level up your career.

Early bird pricing is available until Friday for the fall cohort,, so apply before tuition goes up!