The digitization of industrial infrastructures continues to increase, so that 55 percent of companies are confident that the Internet of Things will significantly change the security status of industrial control systems (ICS).
According to current Kaspersky studies, 20 percent of those surveyed have already placed an increased focus on IoT-related incidents in their security planning, but security solutions against such threats have not yet been adequately implemented. Industry is becoming increasingly digital and is implementing Industry 4.0 standards - despite the market weakening as a result of the COVID-19 pandemic. According to McKinsey & Company, 90 percent of the skilled workers within the production and supply chain plan to continue investing in digitization.
IIoT - Industry IoT
At the same time, the growing number of digitization projects - for example with regard to IoT in industrial use - is raising awareness of the associated risks. For every fifth company (20 percent), attacks on the IIoT have already become a fundamental cybersecurity challenge, ahead of other serious threats such as data breaches (15 percent) or attacks on the supply chain (15 percent). Managing them increasingly requires the involvement of security professionals, not just IT teams. Companies are already aware of this: almost half (44 percent) of the IT security personnel work on initiatives to protect digitized OT systems.
Cyber security is often not yet adequately implemented
The Kaspersky analysis also shows that not all companies currently feel up to the potential threats posed by the Internet of Things. Only 19 percent have implemented a solution for active network and data transmission monitoring and 14 percent have implemented software for the detection of network anomalies. It is precisely these that make it possible to track suspicious changes or harmful activities in IoT systems.
"While industrial companies are increasingly implementing connected devices and smart systems, they should not neglect the protection factor and show the same efficiency in terms of security level," comments Grigory Sizov, Head of KasperskyOS Business Unit at Kaspersky. “Already in the initial phase of a project, it is important to include cyber security as a fundamental element of technological considerations. IIoT components must be secure at their core to eliminate the possibility of an attack on them. Together with traffic protection and other technologies, this makes the entire system secure and immune to cyber risks from the start.”
Kaspersky recommendations for protecting IIoT systems
- Protective measures should be considered right at the beginning of an IIoT implementation through the use of special security solutions. Kaspersky IoT Infrastructure Security is designed to protect industrial and corporate networks for IoT devices such as smart meters and controllers. The key element is the Kaspersky IoT Secure Gateway, which is based on KasperskyOS.
- The security status of a device should be evaluated before it is implemented. Devices with cybersecurity certificates and products from manufacturers who pay sufficient attention to information security should be selected.
- The implementation of regular security audits and the continuous provision of up-to-date information about the threat situation help to protect IoT systems comprehensively.
- Up-to-date information about relevant vulnerabilities in software and applications as well as available updates should always be available in order to ensure an appropriate and timely response to any incidents. The ICS Threat Intelligence Reporting Service provides insight into current threats and attack vectors, as well as the most vulnerable elements in OT and industrial control systems.
- A cybersecurity solution to analyze network traffic, detect anomalies and prevent IoT network attacks should be implemented. Kaspersky Machine Learning for Anomaly Detection analyzes telemetry and identifies all suspicious actions on the network before damage occurs.
The full Kaspersky report “The State of Industrial Cybersecurity in the Era of Digitalization” is available online as a PDF file.
More on this in the PDF at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/