Kaspersky Lab, the security software company, announced Tuesday (June 20) a new State of Industrial Cybersecurity 2017 security survey, which found that over half (54 percent) of ICS companies interviewed have experienced at least one cyber attack in the last 12 months — with one in five (21 percent) experiencing two incidents in the same timeframe. What’s more, half of the companies surveyed experienced between one and five IT security incidents in the past 12 months.
“As cyberattacks and the growing connected environments of industrial organizations evolve, the ICS organization will continue to face new challenges, and it’s essential that security strategies be reassessed now before it is too late,” Clint Bodungen, senior researcher, critical infrastructure threat analysis at Kaspersky Lab, said in a press release announcing the results. “Preparedness among all departments in the organization — such as executive leaders, engineers, IT security teams and more — is key to protecting against cyberattacks. Businesses managing ICS environments need to put the necessary policies, procedures, technology and training in place immediately to properly manage these risks before they have an opportunity to damage the business.”
Kaspersky Lab and Business Advantage conducted a security survey of 359 industrial cyber security practitioners from 21 countries from February to April 2017.
The survey also revealed that ICS companies are aware of the potential risk of a cyber attack, with 74 percent saying they expect an attack on their infrastructure. The misunderstanding arises in prioritizing the risks they face. According to the research, while there is a lot of awareness about ransomware and targeted attacks, the biggest pain still comes from conventional malware, the security company said. Among survey respondents, conventional malware and virus outbreaks were the top incident concern for 56 percent, with threats from third parties concerning 44 percent of survey respondents and other intentional physical damage by external actors worrying 41 percent of those polled. The survey results also show there is confusion surrounding employee errors and unintentional actions, which are far more threatening to ICS organizations. What’s more, Kaspersky Lab found that a lack of IT security expertise, both internally and externally, is a major concern for ICS companies.
“This finding is worrisome as it indicates that industrial organizations are not always ready to fight attacks, while they are certainly vulnerable to being compromised by outside and internal employee cyber threats,” Kaspersky Lab said.