INFOGRAPHIC
48% of organisations have no
measures in place to protect their
industrial control networks
The trend for digitalisation, including increased connectivity
and IoT, is growing among industrial organisations such as
power plants, manufacturers and water treatment centres,
which rely on industrial control systems (ICS) for their operations.
It’s a trend that comes with acknowledged cybersecurity dangers –
65% of companies believe that ICS security risks are more likely with
IoT. Yet, Kaspersky Lab has also unearthed a contradiction among
the industrial community. The company has found that many
organisations are keen to boost the efficiency of their industrial
processes with new IT and, although they are investing in security
for their IT networks, they are leaving the doors to their operational
technology (OT) wide open.
This is allowing basic threats such as ransomware and malware to
step right in and catch them out. These and other findings have been
unveiled in Kaspersky Lab’s State of Industrial Cybersecurity 2018 report.
Industrial businesses at a crossroads – automation efficiency vs
cybersecurity concerns
The convergence of IT and operational technology (OT), the
wider connectivity of OT with external networks and the growing
number of Industrial IoT devices, is helping to boost the efficiency
of industrial processes.
However, these trends bring growing risks and points of
vulnerability, leading industrial organisations to feel unsafe – over
three quarters (77%) of companies believe their organisation is
likely to become the target of a cybersecurity incident involving
their industrial control networks.
Organisations are leaving a gap in the way they approach
cybersecurity in their IT and OT/ICS networks. Even though they have
an understanding of the risks associated with increased digitalisation,
they are not putting the right cybersecurity practices in place to
protect their operational networks.
A total of 51% of industrial companies claim that they were not
affected by any cybersecurity incidents in the last year. With half
of the research respondents working in the IT department, this
finding suggests that IT managers may be unaware of incidents
happening within their own industrial control systems – perhaps
because they lack a unified approach to their organisation’s overall
cybersecurity. There is also room for better integration between IT
and OT cybersecurity – a fact highlighted by the discovery that 48%
of organisations admit they have no measures in place to detect or
monitor if they have suffered an attack concerning their industrial
control networks.
These attacks could lead to catastrophic circumstances, including
damage to products, loss of customer confidence and business
opportunities, or even environmental damage and loss of production
at one or multiple sites.
For those that have been the victim of at least one ICS cybersecurity
incident over the past 12 months, 20% say the financial damage
to their business has increased, giving a further incentive to invest in
better cybersecurity systems.
Risk perception vs reality: breached by employee mistakes
Despite the awareness and dedicated spend on advanced IT security
in the sector, the OT systems of industrial organisations are still
getting caught out by conventional and mass malware attacks. While
concern has grown around the risk of targeted attacks, almost two
thirds (64%) of companies experienced at least one conventional
malware or virus attack on their ICS in the last 12 months.
Thirty percent of companies suffered a ransomware attack and a
quarter (27%) had their ICS breached due to the errors and actions
of employees.
Targeted attacks affecting the sector accounted for just 16% in
2018 (down from 36% in 2017), suggesting that the level of concern
about targeted attacks does not match the reality and
that companies relying on ICS are still falling victim to more
conventional threats, including malware and ransomware, as well
as targeted attacks.
“With the sector embracing more digital trends such as cloud and
IoT to further drive efficiencies, the challenge and importance of
cybersecurity becomes even more vital to keep critical systems
running and businesses operational,” said Georgy Shebuldaev, Brand
Manager, Kaspersky Industrial Cybersecurity.
“The good news is that we are seeing more and more businesses
improving their cybersecurity policies to include dedicated
measures towards safeguarding their industrial control networks.
While this is a step in the right direction, action needs to go further
to keep up with the pace of digitalisation. This includes updating
incident response programmes to cover specific ICS actions and
www.intelligentcio.com