Kaspersky report unveils latest ICS threats
The trend for digitalisation, including increased connectivity and IoT, is growing among industrial organisations such as power plants, manufacturers, and water treatment centers, which rely on industrial control systems (ICS) for their operations. It’s a trend that comes with acknowledged cybersecurity dangers – 65% of companies believe that ICS security risks are more likely with IoT, according to Kaspersky Lab’s State of Industrial Cybersecurity 2018 report.
The company has found that many organisations are keen to boost the efficiency of their industrial processes with new IT, and although they are investing in security for their IT networks, they are leaving the doors to their operational technology (OT) wide open. This is allowing basic threats such as ransomware and malware to step right in and catch them out.
The convergence of IT and operational technology (OT), the wider connectivity of OT with external networks, and the growing number of Industrial IoT devices, is helping to boost the efficiency of industrial processes. However, these trends bring growing risks and points of vulnerability, leading industrial organisations to feel unsafe – over three quarters (77%) of companies believe their organisation is likely to become the target of a cybersecurity incident involving their industrial control networks.
Organisations are leaving a gap in the way they approach cybersecurity in their IT and OT/ICS networks. Even though they have an understanding of the risks associated with increased digitalisation, they are not putting the right cybersecurity practices in place to protect their operational networks. 51% of industrial companies claim that they were not affected by any cybersecurity incidents in the last year. With half of the research respondents working in the IT department, this finding suggests that IT managers may be unaware of incidents happening within their own industrial control systems – perhaps because they lack a unified approach to their organisation’s overall cybersecurity. There is also room for better integration between IT and OT cybersecurity – a fact highlighted by the discovery that 48% of organisations admit they have no measures in place to detect or monitor if they have suffered an attack concerning their industrial control networks.
These attacks could lead to catastrophic circumstances, including damage to products, loss of customer confidence and business opportunities, or even environmental damage and loss of production at one or multiple sites. For those that have been the victim of at least one ICS cybersecurity incident over the past 12 months, 20% say the financial damage to their business has increased, giving a further incentive to invest in better cybersecurity systems.
Despite the awareness and dedicated spend on advanced IT security in the sector, the OT systems of industrial organisations are still getting caught out by conventional and mass malware attacks. While concern has grown around the risk of targeted attacks, almost two-thirds (64%) of companies experienced at least one conventional malware or virus attack on their ICS in the last 12 months. 30% of companies suffered a ransomware attack and a quarter (27%) had their ICS breached due to the errors and actions of employees. Targeted attacks affecting the sector accounted for just 16% in 2018 (down from 36% in 2017), suggesting that the concern and reality around the risks of targeted attacks is misplaced, and that companies relying on ICS are still falling victim to more conventional threats, including malware and ransomware, as well as targeted attacks.
“With the sector embracing more digital trends such as cloud and IoT to further drive efficiencies, the challenge and importance of cybersecurity becomes even more vital, to keep critical systems running and businesses operational. The good news is that we are seeing more and more businesses improving their cybersecurity policies, to include dedicated measures towards safeguarding their industrial control networks. While this is a step in the right direction, action needs to go further to keep up with the pace of digitalization. This includes updating incident response programs to cover specific ICS actions and using dedicated cybersecurity solutions to help meet the challenge,” says Georgy Shebuldaev, Brand Manager, Kaspersky Industrial Cybersecurity.
The adoption of Industrial Internet of Things and cloud-based systems have added a new security dimension into the mix, which is proving a challenge for industrial businesses. For over half of companies (54%), the increased risks associated with connectivity and the integration of IoT ecosystems is a major cybersecurity issue for the year ahead, as well as the implementation of measures to manage it.