A new Kaspersky report, “Kaspersky ICS Security Survey 2022: The seven keys to improving OT security outcomes”, reveals that 20% of industrial businesses across META tend to switch off their cybersecurity product if it is affecting their production processes or automation systems.
Overall, 29% of META organisations face such problems occasionally and another 59% have dealt with these issues at least once. This can all be traced back to compatibility dilemmas.
When implementing security solutions in an operational technology environment, it is vital that organisations strike a balance between security and production continuity. Otherwise, unplanned downtime caused by production interruptions can cost companies up to $260 000 per hour, according to some estimations.
Finding this balance can be challenging and can even lead some companies to switch off their protection. For others, a balance exists but it leans to one side. Most respondents from the META region (80%) prefer changing security settings to find the compromise between security and productivity, while 40% would rather change their production and automation systems to avoid conflict. Globally, 44% of respondents believe the issue lies with the vendor or security provider and prefer to switch providers in order to keep their production processes unaffected.
One possible reason behind companies’ compatibility issues is that their operational technologies (OT) or industrial control systems (ICS) may be out of date and cannot be upgraded.
One of the respondents from a high-tech manufacturing firm in North America said: “Our largest issue with our OT and ICS is that the equipment we own isn’t upgradable beyond its current level. The manufacturers don’t offer any type of upgrade to our current systems. We are stuck on outdated platforms that are, and remain, vulnerable.”
In fact, according to those surveyed globally and in the META region, it is impossible for the average industrial organisation to update every sixth (16%) endpoint in their OT network.
“In the past asset owners reasonably assumed that the protection and automation systems responsible for the core business processes of an industrial organisation would be left undisturbed throughout the equipment’s lifetime, lasting decades – with the possible exception of occasional settings changes,” says Kirill Naboyshchikov, business development manager at Kaspersky Industrial CyberSecurity. “It was common practice to commission systems as a whole and perform complete retesting and recommissioning if any changes were to be made.
“However, with the introduction of next generation digital automation systems, there are many instances where this may no longer be the case. Therefore, both general purpose and ultra-specialised computer-based automation systems should be equipped with the following security subsystems and tools and processes: a vendor-approved, holistic and centrally managed protection system; permanent vulnerability monitoring and compliance scanning; network intrusion and anomaly detection; and update, patch management and version control.”