International. According to the Kaspersky ICS 2022 security survey: 7 keys to improving OT security outcomes, cyberattacks on industrial infrastructure companies are 59% more expensive than the average for other sectors, and increased markedly in 2021.
The report estimates that industrial companies perceive that the costs of incidents have increased, compared to the end of 2019, as well as an increase in them. Overall, 46% of the organizations surveyed think that the costs of an incident are at the same level, which they consider generally high, 32% say that the financial damage has increased, while only 22% consider that there is a decrease.
This perception of the increased costs of these incidents was especially high in North America and in the consumer goods manufacturing sector. Now, these indicators must be considered taking into account the importance of these critical industries, as well as the large number and sophistication of the attacks they face.
Moreover, this study found that 91% of participants experienced at least one security issue within their Operational Technology environments in the last 12 months prior to conducting the survey.
In that sense, the document states that attacks focused on affecting Operations Technology (OT) in Industrial Control Systems (ICS) increased markedly in 2021.
As relevant data we have that there was a 45% increase in the incidence of spyware on computers used for ICS purposes, as well as a 43% increase in cases of malicious scripts and phishing pages blocked on devices running industrial systems, these taking into account the period of 2020.
The report focuses on 7 learnings from the biggest impacts on the industry:
1. Have an OT security team with the right resources and the right skills: according to the survey currently 43% of industrial companies (OT/ICS infrastructure) have specialized resources dedicated to the security of industrial control systems.
2. Ability to master the internal "politics" of industrial safety management: Industrial safety issues will need to be managed by a security unit dedicated to the ICS, because this allows for a more coherent and expert approach.
3. Have a strategy for managing legacy infrastructure: For this process, a base level of visibility of all nodes, network devices, and other active objects within the OT network must be established.
4. Implementation of solutions designed specifically for ICS environments: the security solutions used by many companies are not designed taking into account the needs, limitations and possibilities of Operational Technology.
5. Have a strategy for the convergence of IT/OT, where IoT devices are included: this taking into account the growing digital transformation of production environments and the push towards "Industry 4.0".
6. Have a quick response to incidents: When cybersecurity events occur, it is vital that they are detected, responded to and fixed as quickly as possible.
7. Take staff training and compliance seriously: A key to cybersecurity success is to incorporate correct and security-conscious behaviors within industrial companies and critical infrastructure operators.
Finally, we understand that a forward-looking vision, added to an installed capacity and incident response protocols are of utmost necessity, since the current historical moment is characterized by cybercriminals see it profitable to generate attacks on industrial companies. Solutions must therefore be complex, complete and integrated.
If you want to access the full report, you can do so by clicking here.