Mumbai: Over 50 pc of cybersecurity incidents in industrial networks due to staff errors, reveals Kaspersky report “State of Industrial Cybersecurity 2019.”
Staff errors or unintentional actions were behind 52% of incidents affecting operational technology (OT) and industrial control system (ICS) networks last year, states the report.
The growing complexity of industrial infrastructures demands more advanced protection and skills. But, organizations are experiencing a shortage of professionals to handle new threats and low awareness among employees.
Digitalization of industrial networks and adoption of Industry 4.0 standards are in the pipeline for many industrial companies. Four out of five organizations (81%) see operational network digitalization as an important or very important task for this year. However, for all the benefits that connected infrastructure brings, there are associated with cybersecurity risks.
The good news is that OT/ICS cybersecurity is becoming a top priority for industrial companies, as confirmed by the majority (87%) of respondents. But to achieve the necessary level of protection, they need to invest in dedicated measures and have highly qualified professionals to make them work effectively. Despite stating it as a priority, only just over half of companies (57%) have the allocated budget for industrial cybersecurity.
In addition to budget constraints, there is also a question over skilled staff. Organizations are not only experiencing a lack of cybersecurity experts with the right skills to manage protection for industrial networks, but are worried that their OT/ICS network operators are not fully aware of the behavior that can cause cybersecurity breaches.
These challenges make up the top two major concerns relating to cybersecurity management and go some way to explaining why employee errors cause half of all ICS incidents — such as malware infections — and also more serious targeted attacks.
“This year’s study shows that companies are seeking to improve protection for industrial networks. However, this can only be achieved if they address the risks related to the lack of qualified staff and employee errors. Taking a comprehensive, multi-layered approach – which combines technical protection with regular training of IT security specialists and industrial network operators – will ensure networks remain protected from threats and skills stay up to date,”commented Georgy Shebuldaev, Brand Manager – Kaspersky Industrial Cybersecurity.
In addition to a technical and awareness boost for industrial cybersecurity, organizations need to consider specific protection for Industrial IoT which can become highly connected externally: almost half of companies (41%) are ready to connect their OT/ICS network to the cloud, using preventive maintenance or digital twins.
“As this ARC Advisory Group survey conducted on behalf of Kaspersky reflects, the growing interconnection between IIoT edge devices and cloud services continues to stand as a security challenge. It was a major driver for the creation of the IIC Industrial Internet of Things Security Framework as well as the subsequent best practices documents and recent IoT Security Maturity Model,” suggested Dr. Jesus Molina, Chair, IIC Security Working Group, and Director – Business Development, Waterfall Security Solutions.