Of the industrial companies that participated in the IT Security Risks Survey, every fourth has faced a variety of cyber attacks. Worryingly, one of the fastest growing types of threat among the multitude targeting industrial organizations in 2017 was targeted attacks. To make factory floors more secure in 2018, it’s critical to eliminate targeted attacks from cybersecurity blind spots, warns Kaspersky Lab.
Due to the steady increase in complexity and number of attacks on the industrial market, the consequences of ignoring cybersecurity issues could now be disastrous. 28 per cent of the 962industrial companies surveyed have faced targeted attacks in the last 12 months.
That’s 8 p.p. more than last year, when only 20% of the industrial market experienced targeted attacks. This confirms the predictions of Kaspersky ICS CERT experts about the emergence of specific malware targeting vulnerabilities in industrial automation components in 2018. The fact that the most dangerous incident type has grown by more than a third strongly suggests that cybercriminal groups are paying much closer attention to the industrial sector.
48 per cent of industrial businesses state that there’s insufficient insight into the threats specifically faced by their business. Faced with a lack of network visibility, 87 per cent of industrial players responded affirmatively when asked if any of the IT/OT security events they experienced over the previous year were complex.
This is a strong indicator of the increasingly complex nature of security incidents affecting both IT and OT infrastructures, and it comes as little surprise that industrial organizations spend on average from several days (34 per cent) to several weeks (20 per cent)detecting a security event. These findings indicate that for enterprises with critical infrastructures it has become essential to use dedicated security solutions capable of dealing with a multitude of threats – from commodity malware to attacks designed to exploit vulnerabilities in industrial automation system components.
Industrial organizations themselves are fully aware of the need for high-quality protection against cyber threats. 62 per cent of employees at industrial companies firmly believe it’s necessary to use more sophisticated IT security software.
However, software alone is not enough: almost half (49 per cent) of industrial company respondents blame staff for not properly following IT security policies, which is 6 per cent more than respondents in other sectors. Cybersecurity awareness training is a ‘must’ when it comes to cybersecurity in industrial organizations, given that any employee, from the administration side to the factory floor, plays a key role in the safety of an enterprise and maintaining operational continuity.
Kaspersky Lab offers technologies and services that cover the various needs of industrial businesses and are designed to secure every industrial layer, including SCADA servers, HMIs, engineering workstations, PLCs, network connections and people. Kaspersky Industrial CyberSecurity is a holistic solution, covering all stages of the adaptive security model – from forecasting new attack vectors to the use of specialized technologies for prevention, detection and response.