Kaspersky: Industrial Enterprises Incur $ 497 Thousand Annually

Jul

10

2017

A survey by Kaspersky Lab showed that although most industrial enterprises believe they are best equipped to deal with cyber security incidents, this trust may not be based on solid foundations.

According to the survey , half of companies dealing with industrial control systems (ICS) were exposed to security breaches ranging from one to five cases last year. Thus, the average cost of useless or lost electronic security incurred by industrial enterprises per year is US $ 497,000.

Kaspersky Lab noted that the emerging trend known as Industry 4.0 makes electronic security a top priority for industrial enterprises worldwide, creating new challenges in dealing with industrial control systems such as convergence of information technology and operating technologies OT, and availability of industrial control networks for suppliers External.

To create a clearer view of the problems and opportunities faced by enterprises dealing with industrial control systems today, Kaspersky Lab and Business Advantage conducted a global survey of 359 industrial security specialists from February to April 2017.

According to one of the most prominent results of the survey, it was found that there is a gap between the reality and the perception of breaches of industrial control systems. For example, while 83% of respondents believed that they were well prepared to address security breaches of operating technologies / industrial control systems, half of the surveyed companies faced between one and five IT security breaches in the twelve months In the past, 4% of the companies surveyed were subjected to more than six security attacks.

This increase in the number of security incidents raises the question of what needs to be changed in IT security strategies and protection measures in these institutions so that they can protect their vital data and the performance of their technical channels more efficiently and effectively.

The nature of the breaches: Internal and inherent security threats

Companies dealing with industrial control systems are well aware of the risks they face. Seventy-four percent of respondents believe there is a risk of being exposed to an e-security attack. Although there is a high level of awareness about new threats such as targeted attacks and ransom attacks, the biggest concern for most industrial control companies is the risk of traditional malware: the latter is at the top of the list of concerns related to cyber attacks – 56% of the respondents to those traditional software as the most offensive offensive method. In this case, the perception meets reality: emergency response teams in half the companies surveyed were forced to mitigate the impact of traditional software attacks last year.

However, there are also errors arising from employees or unintentional misconduct, which pose a greater risk to the industrial control systems than the attack factors of the supply chain and partners, and more severe subversion and material damage caused by external attack agents. However, external attack factors are among the three most important threats to industrial control systems.

Highlighted three concerns that caused security breaches of infrastructure for industrial control systems over the past 12 months.

At the same time, the consequences of the three most significant breaches are: causing damage to the quality of the product and services, loss of ownership rights or confidentiality of information, and low or low level of productive performance in the company.

Security strategies: Eliminating the use of offline devices and detecting security vulnerabilities in the network, 86% of companies surveyed have a documented and documented policy to protect the electronic security of their industrial control systems, designed to protect them from potential breaches. However, registered security breaches show that e-security policy alone is not enough. The lack of professional experience related to the protection of IT security both internally and externally shows that lack of professional skills is the biggest and most important concern when it comes to protecting the security of industrial control systems. This is a matter of greatest concern, as industrial enterprises are not always ready to fight attacks, while they are constantly taking prudent measures for possible vulnerabilities that may arise from their employees. “Internal threats are more serious,” said one of the security specialists of industrial control systems from Germany’s manufacturing units. We are protected by the necessary security against external threats, but the actions of our internal team are implemented directly without passing through any firewall. Thus, the threat may arise unintentionally or in advance knowledge of the employees of the institutions themselves.

Five security challenges were cited by industrial control system specialists

On the plus side, the security strategies applied by the security specialists of the industrial control systems seem strong and successful. Most companies have abandoned the use of non-connected devices as a security measure, instead resorting to comprehensive e-security solutions. Over the next 12 months, respondents plan to implement and use tools for tracking and detecting industrial security vulnerabilities and organizing training programs to educate employees about e-security. Detecting the security vulnerabilities inherent in industrial networks is of paramount importance, as half of the companies that deal with industrial control systems have recognized that their external suppliers have direct access to the industrial control networks of the enterprise, which may widen the range of threats surrounding them.

Andrei Suvorov, President of Kaspersky Lab’s Dynamic Infrastructure Protection Development, said: “The increasing interconnectivity between IT and operating technology systems creates new security challenges and requires a lot of readiness from board members, engineers, IT security teams and others. They need to understand the nature of the threat scene clearly, as well as the knowledge of effective and necessary means of protection, as well as the need to ensure that their employees are sensitized. ”

“As the source of the electronic threats of industrial control systems comes from the same business environment, it is better to be better prepared,” Suvorov said. Thus, mitigating the impact of security breaches will be much easier for those who benefit from the benefits of security solutions designed in line with the nature of the needs of industrial control systems. “

Viewing:-89

In: Technology & Gadgets Asked By: [17168 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »