Targeted attacks on radar for industrial organisations
To make factory floors more secure in 2018, it’s critical to eliminate specific attacks from cybersecurity blindspots
Of the industrial companies that participated in the IT Security Risks Survey, every fourth has faced a variety of cyber attacks. Worryingly, one of the fastest growing types of threat among the multitude targeting industrial organisations in 2017 was targeted attacks. To make factory floors more secure in 2018, it’s critical to eliminate targeted attacks from cybersecurity blind spots, warns Kaspersky Lab. Due to the steady increase in complexity and number of attacks on the industrial market, the consequences of ignoring cybersecurity issues could now be disastrous. 28 per cent of the 962 industrial companies surveyed have faced targeted attacks in the last 12 months.
That’s 8 p. p. more than last year, when only 20 per cent of the industrial market experienced targeted attacks. This confirms the predictions of Kaspersky ICS CERT experts about the emergence of specific malware targeting vulnerabilities in industrial automation components in 2018. The fact that the most dangerous incident type has grown by more than a third strongly suggests that cybercriminal groups are paying much closer attention to the industrial sector.
Forty Eight per cent of industrial businesses state that there’s insufficient insight into the threats specifically faced by their business. Faced with a lack of network visibility, 87 per cent of industrial players responded affirmatively when asked if any of the IT/ OT security events they experienced over the previous year were complex.
This is a strong indicator of the increasingly complex nature of security incidents affecting both IT and OT infrastructures, and it comes as little surprise that industrial organisations spend on average from several days ( 34 per cent) to several weeks ( 20 per cent) detecting a security event. These findings indicate that for enterprises with critical infrastructures it has become essential to use dedicated security soltions capable of dealing with a multitude of threats – from commodity malware to attacks designed to exploit vulnerabilities in industrial automation system components.
Industrial organisations themselves are fully aware of the need for high- quality protection against cyber threats. 62 per cent of employees at industrial companies firmly believe it’s necessary to use more sophisticated IT security software.
However, software alone is not enough: almost half ( 49 per cent) of industrial company respondents blame staff for not properly following IT security policies, which is 6 per cent more than respondents in other sectors.
Cybersecurity awareness training is a ‘ must’ when it comes to cybersecurity in industrial organisations, given that any employee, from the administration side to the factory floor, plays a key role in the safety of an enterprise and maintaining operational continuity. Kaspersky Lab offers variou needs of industrial businesses.