More than a quarter of the industrial companies that participated in the IT Security Risks Survey has faced a variety of cyberattacks, with targeted attacks one of the fastest growing types of threats.
Kaspersky Lab warns that, to make factory floors more secure in 2018, it’s critical to eliminate targeted attacks from cybersecurity blind spots.
Due to the steady increase in complexity, and number of attacks on the industrial market, the consequences of ignoring cybersecurity issues could now be disastrous.
More than a quarter (28%) of the 962 industrial companies surveyed globally have faced targeted attacks in the last 12 months — 8 percentage points more than last year, when only 20% of the industrial market experienced targeted attacks.
This confirms the predictions of Kaspersky ICS CERT experts about the emergence of specific malware targeting vulnerabilities in industrial automation components in 2018. The fact that the most dangerous incident type has grown by more than a third, suggests that cybercriminal groups are paying much closer attention to the industrial sector.
A full 48% of industrial businesses state that there’s insufficient insight into the threats specifically faced by their business.
Faced with a lack of network visibility, 87% of industrial players responded affirmatively when asked if any of the IT/OT security events they experienced over the previous year were complex. This is a strong indicator of the increasingly complex nature of security incidents affecting both IT and OT infrastructures, and it comes as little surprise that industrial organisations spend, on average, from several days (34%) to several weeks (20%) detecting a security event.
These findings indicate that, for enterprises with critical infrastructures, it has become essential to use dedicated security solutions capable of dealing with a multitude of threats — from commodity malware to attacks designed to exploit vulnerabilities in industrial automation system components.
Industrial organisations themselves are fully aware of the need for high-quality protection against cyberthreats. 62% of employees at industrial companies firmly believe it’s necessary to use more sophisticated IT security software.
However, software alone is not enough: almost half (49%) of industrial company respondents blame staff for not properly following IT security policies, which is 6% more than respondents in other sectors.
Cybersecurity awareness training is a ‘must’ when it comes to cybersecurity in industrial organisations, given that any employee, from the administration side to the factory floor, plays a key role in the safety of an enterprise and maintaining operational continuity.
“Cyberattacks on industrial control systems have become the indisputable number-one concern,” says Andrey Suvorov, head of critical infrastructure protection business development at Kaspersky Lab. “The good news is that the majority of industrial market players know which threats are coming to the fore today and will be relevant in the near future.
“That’s why it’s crucially important to implement a complex security solution that’s specifically designed to protect automated industrial environments, is highly flexible and configured in accordance with the technological processes of each organisation.”
