Connect with us

Hi, what are you looking for?

HEADLINES

Industrial firms face annual $497K cybersecurity incident bill, according to study

Although majority of industrial organizations believe they are well-prepared for cybersecurity incidents, this confidence may be not well-founded: every second ICS company experienced between one and five incidents last year, according to a survey conducted by Kaspersky Lab. On average, ineffective cybersecurity costs industrial organizations up to $497K per year.

Although majority of industrial organizations believe they are well-prepared for cybersecurity incidents, this confidence may be not well-founded: every second ICS company experienced between one and five incidents last year, according to a survey conducted by Kaspersky Lab. On average, ineffective cybersecurity costs industrial organizations up to $497K per year.

Kaspersky Lab_ICS Survey Final.jpg

The emerging Industry 4.0 trend is making cybersecurity a top priority for industrial organizations globally, adding new challenges to dealing with ICS. Challenges include the convergence of IT and operational technology (OT), and the availability of industrial control networks to external providers.

To get more insight into the problems and opportunities faced by ICS organizations today, Kaspersky Lab and Business Advantage have conducted a global survey of 359 industrial cybersecurity practitioners in February – April 2017.

One of the survey’s main findings is a gap between the reality and perception of ICS incidents.

Advertisement. Scroll to continue reading.

For example, despite 83% of respondents believing they are well-prepared to face an OT/ICS cybersecurity incident, half of companies surveyed experienced between one and five IT security incidents in the past 12 months, and 4% experienced more than six.

This raises an important question – what should be changed in these organizations’ IT security strategies and protection means, so that they can protect their critical business data and technology processes more efficiently?

Incident Experience: Cyberthreats on the Shop Floor

ICS companies are well aware of the risks they’re facing: 74% of respondents believe there may be a cybersecurity attack on their infrastructure.

Despite high awareness about new threats such as targeted attacks and ransomware, the biggest pain point for the majority of ICS organizations is still conventional malware: this tops the list of incident experience concerns – with 56% of respondents considering it to be the most concerning vector.

Advertisement. Scroll to continue reading.

In this case, perception meets reality: every second respondent had to mitigate the consequences of conventional malware last year.

But there is also a mismatch surrounding employee errors and unintentional actions – which are far more threatening to ICS organizations than actors from the supply chain and partners, and sabotage and physical damage by external actors. Yet it’s the external actors that are in the top three of what ICS organizations worry about the most.

Meanwhile, the top three incident experience consequences include damage to the product and services quality, loss of proprietary or confidential information and reduction or loss of production at one site.

Security Strategies: From Air Gap to Network Anomalies Detection  

86% of organizations surveyed have got an approved and documented ICS cybersecurity policy aimed to safeguard them from potential incidents. However, incident experience proves that a cybersecurity policy alone is not enough.

Advertisement. Scroll to continue reading.

Struggling with a lack of both internal and external IT security expertise, industrial organizations admit that a lack of skills is the utmost concern when it comes to ICS security.

This is extremely worrisome as it indicates that industrial organizations are not always ready to fight attacks, while they are constantly at the edge of being compromised. Sometimes, by their own employees.

“Internal threats are more dangerous. We are well protected against external threats, but what is done internally has a direct path without a firewall in between. The threat originates unknowingly from members of staff,” admitted an ICS practitioner from product manufacturing plant in Germany.

On the positive side, the security strategies adopted by ICS practitioners look quite solid. The majority of companies have already given up on using air gap as a security measure, and are adopting comprehensive cybersecurity solutions.

In the next 12 months, respondents plan to implement industrial anomaly detection tools (42%) and security awareness training for staff. Industrial anomaly threat detection is especially relevant as every second ICS company surveyed admitted that external providers have access to industrial control networks in their organization, widening the threat perimeter.

Advertisement. Scroll to continue reading.

“The growing interconnectedness of IT and OT systems raises new security challenges and requires a good deal of preparedness from board members, engineers and IT security teams. They need a solid understanding of the threat landscape, well-considered protection means and they need to ensure employee awareness.” said Andrey Suvorov, head of critical infrastructure protection, Kaspersky Lab. “With cyber threats on the ICS shop floor, it is better to be prepared. Security incident mitigation will be much easier for those who have leveraged the benefits of a tailored security solution built with ICS needs in mind”.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement