With one of the fastest growing types of threats on global industrial organisations in 2017 being targeted attacks, this year will see stronger emergence of specific malware targeting industrial automation components.
This is according to Kaspersky Lab's IT Security Risks research, which surveyed industrial companies across the globe. The research found 28% of the 962 industrial companies surveyed have faced targeted attacks in the last 12 months. That's 8 percentage points more than 2017, when only 20% of the industrial market experienced targeted attacks.
The research found around 48% of businesses in the industrial sector stated that there's insufficient insight into the threats specifically faced by their business. Out of all the companies that participated in the survey, every fourth company has faced a variety of cyber attacks, warns Kaspersky Lab.
"Faced with a lack of network visibility, 87% of industrial players responded affirmatively when asked if any of the information technology and the operational technology security events they experienced over the previous year were complex. This is a strong indicator of the increasingly complex nature of security incidents affecting both IT and OT infrastructures, and it comes as little surprise that industrial organisations spend, on average, from several days (34%) to several weeks (20%) detecting a security event," says the report.
Kaspersky experts say the most dangerous incident type, targeted attacks, have grown by more than a third, strongly suggesting that cyber criminal groups are paying much closer attention to the industrial sector.
"Cyber attacks on industrial control systems have become the indisputable number-one concern. The good news is that the majority of industrial market players know which threats are coming to the fore today and will be relevant in the near future. That's why it's crucially important to implement a complex security solution that's specifically designed to protect automated industrial environments, is highly flexible and configured in accordance with the technological processes of each organisation," says Andrey Suvorov, head of Critical Infrastructure Protection Business Development at Kaspersky Lab.
Due to the steady increase in complexity, and number of attacks on the industrial market, the consequences of ignoring cyber security issues could now be disastrous, warns Kaspersky.
Around 62%of employees at industrial companies firmly believe it's necessary to use more sophisticated IT security software. However, Kaspersky Lab warns that software alone is not enough: "Almost half (49%) of industrial company respondents blame staff for not properly following IT security policies, which is 6% more than respondents in other sectors. Cyber security awareness training is a 'must' when it comes to cyber security in industrial organisations, given that any employee, from the administration side to the factory floor, plays a key role in the safety of an enterprise and maintaining operational continuity, notes the security company.
"Cyber attacks on industrial control systems have become the indisputable number-one concern. The good news is that the majority of industrial market players know which threats are coming to the fore today and will be relevant in the near future. That's why it's crucially important to implement a complex security solution that's specifically designed to protect automated industrial environments, is highly flexible and configured in accordance with the technological processes of each organisation," says Suvorov.
Share