Power plants, manufacturers, and water treatment centres rely on industrial control systems (ICS) for their operations; and ICS security risks are more likely with Internet of Things (IoT) according to a report by an IT security product firm.
Kaspersky Lab finds a contradiction among industry. The IT company has found that many organisations are keen to boost the efficiency of their industrial processes with new IT, and although they are investing in security for their IT networks, they are leaving the doors to their operational technology (OT) open. This is allowing basic threats such as ransomware and malware to step right in and catch them out, according to Kaspersky Lab’s ‘State of Industrial Cybersecurity 2018’ report.
The convergence of IT and operational technology (OT), the wider connectivity of OT with external networks, and the growing number of Industrial IoT devices, can boost efficiency of industrial processes. However, these bring growing risks and points of vulnerability. According to the report, over three quarters (77pc) of companies believe their organisation is likely to become the target of a cybersecurity incident involving their industrial control networks.
Organisations are leaving a gap in the way they approach cybersecurity in their IT and OT/ICS networks. Even though they have an understanding of the risks associated with increased digitalisation, they are not putting the right cybersecurity practices in place to protect their operational networks. Half, 51pc of industrial companies claim that they were not affected by any cybersecurity incidents in the last year. With half of the research respondents working in the IT department, this finding suggests that IT managers may be unaware of incidents happening within their own industrial control systems – perhaps because they lack a unified approach to their organisation’s overall cybersecurity, the report suggests. There is also room for better integration between IT and OT cybersecurity – and near half, 48pc of organisations admit they have no measures in place to detect or monitor if they have suffered an attack concerning their industrial control networks.
These attacks could lead to damage to products, loss of customer confidence and business, or even environmental damage and loss of production. For those that have been the victim of at least one ICS cybersecurity incident over the past 12 months, one in five, 20pc say the financial damage to their business has increased, giving a further incentive to invest in better cybersecurity systems.
Despite the awareness and dedicated spend on IT security in the sector, the OT systems of industrial organisations are still getting caught out by conventional and mass malware attacks. While concern has grown around the risk of targeted attacks, almost two-thirds (64pc) of companies experienced at least one conventional malware or virus attack on their ICS in the last 12 months. Three in ten, 30pc of companies suffered a ransomware attack and a quarter (27pc) had their ICS breached due to the errors and actions of employees.
Adam Maskatiya, General Manager for Kaspersky Lab UK says it’s more important than ever, for businesses to realise the true value of cybersecurity. “Many organisations are adopting digital trends such as cloud and IoT to improve efficiencies – and it’s positive to see that an increasing amount of firms are also improving their cybersecurity strategies. This includes dedicated measures for safeguarding industrial control networks – a particularly crucial aspect for businesses to protect. However, technology is evolving all the time, which means that businesses need to keep up with the rapidly evolving pace of digitalisation. This includes updating incident response programs to cover specific ICS actions and continuing to use dedicated cybersecurity solutions to help meet the challenge.”
The adoption of Industrial Internet of Things and cloud-based systems have added a new security dimension into the mix, the report says.
