Connect with us

Hi, what are you looking for?

HEADLINES

Industrial firms face annual $497K cybersecurity incident bill, according to study

Although majority of industrial organizations believe they are well-prepared for cybersecurity incidents, this confidence may be not well-founded: every second ICS company experienced between one and five incidents last year, according to a survey conducted by Kaspersky Lab. On average, ineffective cybersecurity costs industrial organizations up to $497K per year.

Although majority of industrial organizations believe they are well-prepared for cybersecurity incidents, this confidence may be not well-founded: every second ICS company experienced between one and five incidents last year, according to a survey conducted by Kaspersky Lab. On average, ineffective cybersecurity costs industrial organizations up to $497K per year.

Kaspersky Lab_ICS Survey Final.jpg

The emerging Industry 4.0 trend is making cybersecurity a top priority for industrial organizations globally, adding new challenges to dealing with ICS. Challenges include the convergence of IT and operational technology (OT), and the availability of industrial control networks to external providers.

To get more insight into the problems and opportunities faced by ICS organizations today, Kaspersky Lab and Business Advantage have conducted a global survey of 359 industrial cybersecurity practitioners in February – April 2017.

One of the survey’s main findings is a gap between the reality and perception of ICS incidents.

Advertisement. Scroll to continue reading.

For example, despite 83% of respondents believing they are well-prepared to face an OT/ICS cybersecurity incident, half of companies surveyed experienced between one and five IT security incidents in the past 12 months, and 4% experienced more than six.

This raises an important question – what should be changed in these organizations’ IT security strategies and protection means, so that they can protect their critical business data and technology processes more efficiently?

Incident Experience: Cyberthreats on the Shop Floor

ICS companies are well aware of the risks they’re facing: 74% of respondents believe there may be a cybersecurity attack on their infrastructure.

Despite high awareness about new threats such as targeted attacks and ransomware, the biggest pain point for the majority of ICS organizations is still conventional malware: this tops the list of incident experience concerns – with 56% of respondents considering it to be the most concerning vector.

Advertisement. Scroll to continue reading.

In this case, perception meets reality: every second respondent had to mitigate the consequences of conventional malware last year.

But there is also a mismatch surrounding employee errors and unintentional actions – which are far more threatening to ICS organizations than actors from the supply chain and partners, and sabotage and physical damage by external actors. Yet it’s the external actors that are in the top three of what ICS organizations worry about the most.

Meanwhile, the top three incident experience consequences include damage to the product and services quality, loss of proprietary or confidential information and reduction or loss of production at one site.

Security Strategies: From Air Gap to Network Anomalies Detection  

86% of organizations surveyed have got an approved and documented ICS cybersecurity policy aimed to safeguard them from potential incidents. However, incident experience proves that a cybersecurity policy alone is not enough.

Advertisement. Scroll to continue reading.

Struggling with a lack of both internal and external IT security expertise, industrial organizations admit that a lack of skills is the utmost concern when it comes to ICS security.

This is extremely worrisome as it indicates that industrial organizations are not always ready to fight attacks, while they are constantly at the edge of being compromised. Sometimes, by their own employees.

“Internal threats are more dangerous. We are well protected against external threats, but what is done internally has a direct path without a firewall in between. The threat originates unknowingly from members of staff,” admitted an ICS practitioner from product manufacturing plant in Germany.

On the positive side, the security strategies adopted by ICS practitioners look quite solid. The majority of companies have already given up on using air gap as a security measure, and are adopting comprehensive cybersecurity solutions.

In the next 12 months, respondents plan to implement industrial anomaly detection tools (42%) and security awareness training for staff. Industrial anomaly threat detection is especially relevant as every second ICS company surveyed admitted that external providers have access to industrial control networks in their organization, widening the threat perimeter.

Advertisement. Scroll to continue reading.

“The growing interconnectedness of IT and OT systems raises new security challenges and requires a good deal of preparedness from board members, engineers and IT security teams. They need a solid understanding of the threat landscape, well-considered protection means and they need to ensure employee awareness.” said Andrey Suvorov, head of critical infrastructure protection, Kaspersky Lab. “With cyber threats on the ICS shop floor, it is better to be prepared. Security incident mitigation will be much easier for those who have leveraged the benefits of a tailored security solution built with ICS needs in mind”.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The campaigns show attackers are capitalizing on people’s increasing familiarity with completing multiple authentication steps online – a trend HP calls ‘click tolerance’. 

White Papers

IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on...

HEADLINES

Kaspersky participated in 95 independent tests and reviews, with its products being awarded first place 91 times and 92 TOP3 finishes, achieving the highest results among...

HEADLINES

‘Wangiri’ originated in Japan in the early 2000’s. The term describes the modus. ‘Wan’ is a play on the word ‘one’ while ‘giri’ means...

HEADLINES

Smart and its value brand TNT do not send text messages with clickable links. If you receive one—even if it looks like it’s from...

White Papers

n the Philippines, industry players are taking a more proactive approach to building a security framework for digital resilience.

HEADLINES

This marks the company’s first participation in the region’s premier tech event, where it will showcase its groundbreaking cybersecurity solutions to industry leaders, innovators,...

HEADLINES

A report found that the primary way attackers gained initial access to networks (56% of all cases across MDR and IR) was by exploiting...

Advertisement