Over the past few years, even mass media have been writing about industrial control systems (ICS) cybersecurity incidents with increasing frequency. Unfortunately, the problem lies not only in targeted attacks, such as BlackEnergy or Operation Ghoul, aimed at the industrial sector, but also in more common cyberthreats that do not target specific victims. The latest example is WannaCry ransomware, which was not explicitly designed to target industrial control systems yet managed to infiltrate a number of ICS networks and, in some instances, led to the downtime of industrial processes.
with the help of Business Advantage, conducted a global survey of 359 industrial cybersecurity practitioners. Here is what we found.
ICS cybersecurity findings
- 83% of respondents believe they are well prepared to face an ICS cybersecurity incident. At the same time, half of the companies surveyed experienced one to five IT security incidents in the past 12 months, and 4% experienced more than six.
- ICS security practitioners have a good sense of the realities, but they’re not convinced their feelings are shared: 31% say ICS cybersecurity is a low priority for senior management.
- Ineffective cybersecurity costs industrial organizations $497K per year on average.
- For the majority of ICS organizations, conventional malware remains the biggest pain point: 56% of respondents consider it the most concerning vector. Here, perception meets reality; half of all respondents had to mitigate the consequences of conventional malware last year.
- The top three consequences of the incidents experienced include damage to product and service quality, loss of proprietary or confidential information, and reduction or loss of production at a site.
Source: Kaspersky Lab