Understaffing, Underinvestment and Human Errors Put ICS Security at Risk: Kaspersky Report

Depending on the industry, organizations have different assessments concerning the damage caused to their business by cyber threats. For transport and logistics companies that build their business based on a service model, the most negative impact is losing customer confidence (75%). But for the majority of manufacturing enterprises (66%) and energy companies (73%), their biggest concern compromising the quality of production due to a cyber attack.

author-image
Faiz Askari
New Update
Cyber Security, IT Security, Cyber Attack, Human Errors, ICS Security, Kaspersky

According to Kaspersky Lab’s‘State of Industrial Cybersecurity 2018’survey, industrial and energy enterprises, as well as transport and logistics companies, have different opinions regarding the negative effects of cyber attacks on their industrial networks. But, when it comes to the issues affecting their ability to keep networks secure there are three key concerns they can agree on; understaffing, underinvestment by senior management and the human factor. And with almost 40%<1> of ICS computers facing attacksevery6 months, these cybersecurity gaps in critical infrastructure can significantly increase the risks for organizations.

Different fears

Depending on the industry, organizations have different assessments concerning the damage caused to their business by cyber threats. For transport and logistics companies that build their business based on a service model, the most negative impact is losing customer confidence (75%). But for the majority of manufacturing enterprises (66%) and energy companies (73%), their biggest concern compromising the quality of production due to a cyber attack.

Our research found that despite the frequency and debilitating impact of ICS network attacks, only 52% of companies have dedicated response measures in place to deal with such an incident. This is compared to the protection afforded to corporate networks, which is at a more mature level: the majority (77%)have implemented response measures in the case of incidents affecting corporate IT.

There are several common reasons why this might be the case, which unite industrial organizations as they struggle to keep ICS networks secure.

Under-resourced and under-skilled

The task of protecting industrial networks often falls to those providing corporate information security. In 40% of manufacturing organizations, ICS protection is the responsibility of corporate IT security officers. Within transport and logistics companies, over half of those surveyed (58%) confirm that ICS safety is provided by a dedicated team working full-time to combat threats.

Industrial organizations, especially those with complex technological processes, need highly specialized, qualified employees to fill the gap. For example, in the energy sector, where national critical infrastructure is managed with the help of ICS, the main challenge when it comes to security management (61%) is hiring employees with the relevant skills.

Lack of top management involvement causes underfunding

In many enterprises, IT security is a priority for senior management, but in more than half (54%) of manufacturing companies, top management is little -if at all - involved in ICS protection issues, which results in underinvestment. Indeed, two-thirds (66%) do not have a dedicated budget for providing security of critical infrastructure. And this position remains unchanged, even in the event or risk of an incident, with 17% of manufacturing organizations not considering this a sufficient enough reason to invest in ICS security.

The human factor is an evergreen problem in ICS security

The consequences of employee errors pose a critical threat to half of all organizations in all sectors (49%). This is not surprising, given that after malware and ransomware, it is the most common reason for security incidents in ICS (27%). Fortunately, companies are aware of this problem and are trying to solve it by training personnel and creating rules of behavior on critical infrastructure objects. 82% of organizations have already implemented training for employees, contractors, and vendors.

Whatever the most feared consequences for industrial organizations, the only way to prevent or lessen the effect of an attack is to put in place robust safety measures and procedures for ICS networks. Monitoring and timely responses to incidents on industrial networks should become key IT security priorities, along with educating and arming staff on how to minimize the risks to their business.

"Cyber threats are constantly evolving and targeted attacks, such as the recent Triton and Industry, exploit employee weakness. Incidents caused by accidental actions of employees can lead to data leaks and the failure or complete shutdown of production processes. For enterprises, this could lead to huge financial and reputational losses," said Georgy Shebuldaev, Head of Kaspersky Industrial Cybersecurity Business Development. "To stop this from happening, a combination of technical and administrative measures are required, which includes both the training of personnel and implementation of specialized cyberdefense systems for all levels of industrial infrastructure."

<1>In the second half of 2017, Kaspersky Lab products blocked attempted infections on 37.8% of ICS computers protected by themhttps://ics-cert.kaspersky.com/reports/2018/03/26/threat-landscape-for-industrial-automation-systems-in-h2-2017/

Internet Security Kaspersky Cyber Security Cyber Attack Human Errors ICS Security Underinvestment Understaffing