Worried
about IoT, but hit by malware: Kaspersky Lab reveals industrial organization
constant struggle
Due to the interlinked nature of
digitalisation and cybersecurity, 65% of industrial organisations believe that
security breaches due to Industrial Control Systems (ICS) are more likely to
occur due to the Internet of Things (IoT).
Kaspersky lab, however, has unearthed a
crucial contradiction among the industrial community. Many organisations whilst
keen to boost the efficiency of their industrial processes by investing in new
IT that safeguards their IT networks, have devastatingly failed to protect
their Operational Technology (OT). This therefore allows basic but devious
threats such as ransomware and malware to attack their OT networks, These and
other findings have been unveiled in Kaspersky Lab’s ‘State of Industrial
Cybersecurity 2018’ report.
What
Should be Chosen? Efficiency or Cybersecurity?
Industrial processes are now made more
efficient due to advancing technology that is readily available and the
extensive connectivity throughout the globe.
However, these trends bring dangerous,
looming risks to organisations. This is because when organisations want to
experience these advantages, they have to keep elements of their operations
open. This makes them vulnerable to attacks. 77% of the surveyed companies
believe that they are likely to become the target of a cybersecurity incident
Most organisations have a basic
understanding of the risks that are associated with digitalization. Despite
these risks, they are willing to jump on the bandwagon and make changes to
their operations. However, they are still tragically failing to put the right
cybersecurity safeguards in place and are leaving themselves extremely
vulnerable to attacks on these operational and control networks. 48%of
organisations have admitted that they have no measures in place to detect or
monitor if they have suffered an attack concerning their industrial control
networks.
Attacks on industrial control networks
could have some serious implications on the organisation including, damaged
products, a loss of customer confidence and business opportunities, a loss of
production at one or multiple sites or even environmental damage. Amongst
organisations who have been victims to at least one ICS cybersecurity incident
over the past 12 months, 20% claimed that the financial damage to their
business has increased. They have therefore realised that they not only need to
pay more attention to the issue of cybersecurity but they also have to invest in
more reliable safeguards.
Risk
Perceptions VS Reality
The main issue according to the study is
that despite being aware of cybersecurity issues and increasing their
expenditure on cybersecurity, many industrial organisations are still falling
victim to the cyberattacks.
This is due to several facts including the
lack of awareness by employees.
Whilst organisations warn employees about
big, targeted, mass-attacks, they fail to mention the more imminent threat of
conventional attacks such as malware or ransomware attacks. The surveyed
companies have reported that they have had their networks attacked
conventionally due to the mistakes of their employees.
There is serious concern surrounding the
overexaggerated and misplaced perceptions of the risks and dangers of targeted
attacks. Companies relying on ICS are still falling victim to more conventional
threats, including malware and ransomware due to their lack of awareness that
mass attacks, while potent, is not as frequent an occurrence compared to
conventional attacks.
Future
Challenges
The adoption of Industrial Internet of
Things (IoT) and cloud-based systems have created a new security dimension,
which is proving to be a major hurdle for industrial businesses. The increased
risks associated with connectivity and the integration of IoT ecosystems is a
major cybersecurity issue for the year ahead for more than 54% of the surveyed
companies.
When it comes to cloud deployment, 15% of
industrial organisations already use cloud solutions for the Supervisory Control
And Data Acquisition (SCADA). The SCADA systems help in gathering and analysing
data in real-time. A further 25% planning to implement it in the next 12
months.
With companies investing in further smart
technologies and automation, and the adoption of industry 4.0, the trend for
connectivity and IoT is only going to increase. It is therefore vital that
cybersecurity measures keep up with the rate of technology adoption, to ensure
that the rewards of digitalisation, outweigh the risks. Business need to
consider ICS incident response systems with more seriousness, to avoid risking
severe operational, financial and reputational damage. Only by developing a
specific incident response program and using dedicated cybersecurity solutions
can businesses keep their services and products, customers and the environment
safe.