Cyberattacks against businesses in the industrial sector are on the rise, hitting more than a quarter of respondents in a recent survey.
The IT Security Risks Survey from Kaspersky Lab has found that one of the fastest growing types of threats among the multitude of types that threatened industrial organizations in 2017 was targeted attacks. About 28% of the 962 industrial companies surveyed have faced targeted attacks in the last 12 months. That’s 8% more than last year, when only a fifth of the industrial market experienced targeted attacks.
“The fact that the most dangerous incident type has grown by more than a third strongly suggests that cyber-criminal groups are paying much closer attention to the industrial sector,” Kaspersky noted in the report, adding that it has seen the emergence of specific malware targeting vulnerabilities in industrial automation components in 2018.
Even as threats grow, these organizations remain unprepared. About half (48%) of industrial businesses stated that they have insufficient insight into the threats specifically faced by their business. Faced with a lack of network visibility, 87% of industrial players also responded affirmatively when asked if any of the security events they experienced over the previous year were complex—thus it comes as little surprise that industrial organizations spend on average from several days (34%) to several weeks (20%) detecting a security event.
Despite a lack of preparedness, industrial organizations themselves are fully aware of the need for high-quality protection against cyberthreats. A full 62% of employees at industrial companies firmly believe it’s necessary to use more sophisticated IT security software. However, software alone is not enough: almost half (49%) of industrial company respondents blame staff for not properly following IT security policies, which is 6% more than respondents in other sectors. Cyber-awareness training has thus emerged as a must, given that any employee, from the administration side to the factory floor, plays a key role in the safety of an enterprise and maintaining operational continuity.
“Cyberattacks on industrial control systems have become the indisputable No 1 concern,” said Andrey Suvorov, head of Critical Infrastructure Protection Business Development at Kaspersky. The good news is that the majority of industrial market players know which threats are coming to the fore today and will be relevant in the near future. That’s why it’s crucially important to implement a complex security solution that’s specifically designed to protect automated industrial environments, is highly flexible, and [is] configured in accordance with the technological processes of each organization.”