skip to Main Content
Almost Every Second Industrial Computer Was Subjected To Malicious Cyber Activity In 2018

Almost Every Second Industrial Computer Was Subjected To Malicious Cyber Activity In 2018

In 2018, Kaspersky Lab detected and prevented activity by malicious objects on almost half of Industrial Control System (ICS) computers protected by the company’s products and defined as part of an organisation’s industrial infrastructure. The most affected countries were Vietnam, Algeria and Tunisia. These are some of the main findings of the Kaspersky Lab ICS CERT report on the industrial threat landscape in H2 2018.

Malicious cyber activities on ICS computers are considered an extremely dangerous threat as they could potentially cause material losses and production downtime in the operation of industrial facilities.

In 2018, the share of ICS computers that experienced such activities grew to 47.2 percent from 44 percent in 2017, indicating that the threat is rising

According to the new report, the top three countries in terms of the percentage of ICS computers on which Kaspersky Lab prevented malicious activity were the following: Vietnam (70.09 percent), Algeria (69.91 percent), and Tunisia (64.57 percent). The least impacted nations were Ireland (11.7 percent), Switzerland (14.9 percent), and Denmark (15.2 percent).

“Despite the common myth, the main source of threat to industrial computers is not a targeted attack, but mass-distributed malware that gets into industrial systems by accident, over the internet, through removable media such as USB-sticks, or e-mails. However, the fact that the attacks are successful because of a casual attitude to cybersecurity hygiene among employees means that they can potentially be prevented by staff training and awareness – this is much easier than trying to stop determined threat actors,” said Kirill Kruglov, security researcher at Kaspersky Lab ICS CERT.

Threats Against Industrial Computers In Singapore And Southeast Asia

When it comes to the regions worldwide with the highest proportion of ICS machines on which malicious activity was prevented by Kaspersky Lab, Southeast Asia came in second, with 57.8 percent of infected machines in H2 2018, following closely behind the most infected region, Africa at 60.5 percent.

In Singapore, the distribution of detected infection rate was 20.7 percent, and this figure was also the lowest across Southeast Asia. Within Asia Pacific, Singapore had the second lowest distribution of detected infections in H2 2018, edging behind Hong Kong at 15.3 percent.

“From 23 percent of ICS machines almost infected during the first six months of 2018, Singapore recorded a nearly three percent lower infection rate against their critical systems for last year’s final half. We commend the government and the enterprises’ significant strides in prioritising cybersecurity, and our latest figures undoubtedly prove the fruits of their labour. We are hopeful that Singapore will continue to be mindful that large-scale cyberattacks against critical systems have the potential to cripple manufacturing and disturb the nation’s operations, especially as the country continues to embark on its Smart Nation Initiative,” commented Yeo Siang Tiong, General Manager for Southeast Asia, Kaspersky Lab

Kaspersky Lab ICS CERT Recommends Implementing The Following Technical Measures:

  • Regularly update operating systems, application software on systems that are part of the enterprise’s industrial network.
  • Apply security fixes to PLC, RTU and network equipment used in ICS networks where applicable.
  • Restrict network traffic on ports and protocols used on edge routers and inside the organisation’s OT networks.
  • Audit access control for ICS components in the enterprise’s industrial network and at its boundaries.
  • Deploy dedicated endpoint protection solutions on ICS servers, workstations and HMIs, such as Kaspersky Industrial CyberSecurity. This solution includes network traffic monitoring, analysis and detection to secure OT and industrial infrastructure from both random malware infections and dedicated industrial threats.
  • Make sure security solutions are up-to-date and all the technologies recommended by the security solution vendor to protect from targeted attacks are enabled.
  • Provide dedicated training and support for employees as well as partners and suppliers with access to your network.
  • Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets.

 

FOLLOW US ON: LinkedIn, Facebook, Twitter

READ MORE IN OUR LATEST ISSUE

WANT MORE INSIDER NEWS? SUBSCRIBE TO OUR DIGITAL MAGAZINE NOW!

 

 

Large Manufacturing Companies In Asia Pacific Could Lose US$10.7 Million Due To A Cyberattack

Large Manufacturing Companies In Asia Pacific Could Lose US$10.7 million Due To A Cyberattack

A Frost & Sullivan study commissioned by Microsoft found that a cyberattack can cost a large manufacturing organisation in Asia Pacific an average of US$10.7 million in economic loss with customer churn being the largest economic consequence of a cyber breach, resulting in US$8.1 million of indirect cost. For mid-sized manufacturing organisation, the average economic loss was US$38,000. Furthermore, cybersecurity incidents have also led to job losses across different functions in more than three out of five (63 percent) manufacturing organisations.

While the impact of data vulnerabilities and breaches can be costly and damaging to the manufacturing organisations, its supply chain and consumers, the study uncovered that half (51 percent) of the manufacturing organisations in Asia Pacific had either experienced a security incident or were not sure if they had had a security incident as they had not performed proper forensics or data breach assessment.

The study further revealed that instead of accelerating digital transformation to bolster their cybersecurity strategy to defend against future cyberattacks, almost three in five (59 percent) manufacturing organisations across Asia Pacific had delayed the progress of digital transformation projects due to the fear of cyberattacks. Delaying digital transformation not only limits the capabilities of manufacturing organisations to defend against increasingly sophisticated cyberthreats but also prevents them from leveraging advanced technologies, such as artificial intelligence (AI), cloud, and the Internet of Things (IoT), to dramatically increase productivity, empower their workforce and deliver new service lines.

These findings are part of “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” study launched in May 2018. The findings aim to provide business and IT decision makers in the manufacturing sector with insights on the economic cost of cyberattacks and to help to identify any gaps in their cybersecurity strategies.

The initial study surveyed a total of 1,300 business and IT decision makers ranging from mid-sized organisations (250 to 499 employees) to large-sized organisations (>than 500 employees), of which 18 percent belong to the manufacturing industry.

In calculating the cost of cyberattacks, Frost & Sullivan created an economic loss model based on the insights shared by the respondents. This model factors in two kinds of losses which could result from a cybersecurity breach:

  • Direct: Financial losses associated with a cybersecurity incident including loss of productivity, fines, remediation cost, etc; and
  • Indirect: The opportunity cost to the organisation such as customer churn due to reputational damage.

“The frequency and severity of cyberattacks targeting manufacturing organisations have increased significantly in recent years, underscoring the need to protect the ever-growing volume of data generated by and made available to manufacturing organisations,” said Kenny Yeo, Industry Principal, Cyber Security, Frost & Sullivan. “By integrating security into every digital process and physical devices, manufacturing organisations can not only mitigate the loss of intellectual property (IP) and customer data but also minimise downtime as well as remediation cost resulting from cyberattacks.”

 

Key Cyberthreats And Gaps In Manufacturing Organisations’ Cybersecurity Approaches

For manufacturing organisations that have encountered a security incident, data exfiltration, ransomware and remote code execution are the biggest concern as these threats have the highest impact and often result in the slowest recovery time:

  • Remote code execution is a unique threat that manufacturing organisations face, and it poses a grave threat to these companies as cybercriminals can remotely access and control their operations. This allows malicious actors to disrupt production and sabotage the business.
  • As manufacturing organisations need to adhere to tight schedules and strict deadlines, a ransomware attack – where cybercriminals encrypt files to restrict users’ access until a ransom is paid – can lead to production downtime and loss of customer confidence. Manufacturing organisations not only lose time and resources in dealing with the aftermath of the attack, but the entire supply chain will also be disrupted too.

Aside from external threats, the study also uncovered several key cybersecurity gaps in manufacturing organisations:

  • Complex security environment impeding recovery time: Contrary to the common notion that more security solutions will lead to greater efficiency, a large portfolio of cybersecurity solutions may not be a good approach to bolster cybersecurity. The complexity of managing a large portfolio of cybersecurity solutions may lead to longer recovery time from cyberattacks.

The study showed that nearly three in five (57 percent) manufacturing organisations with 26 to 50 cybersecurity solutions took more than a day to recover from cyberattacks. Conversely, only 26 percent of organisations with less than 10 solutions took more than a day to recover. In fact, 35 percent of them managed to recover from a security incident within an hour.

  • Traditional tactical viewpoint towards cybersecurity: Despite the growing sophistication and impact of cyberattacks, the study revealed that majority of the respondents (41 percent) hold a tactical view of cybersecurity – “only” to safeguard the organisation against cyberattacks. While only one in five (19 percent) viewed cybersecurity as a business differentiator and an enabler for digital transformation.
  • Security as an afterthought: If cybersecurity is not seen as an enabler for digital transformation, it will undermine manufacturing organisations’ ability to build a “secure-by-design” digital project, leading to increased vulnerabilities and risks.

The study revealed that only 26 percent of manufacturing organisations who had encountered cyberthreats considered a cybersecurity strategy prior to initiating a digital transformation project. The remaining respondents either thought about cybersecurity only after the commencement of their digital transformation projects or did not think about cybersecurity at all.

“Technology advances and innovations in intelligent manufacturing are delivering game-changing breakthroughs for leading businesses in every sector,” said Scott Hunter, Regional Business Lead, Manufacturing, Microsoft Asia. “As manufacturing organisations focus on increasing data-driven products and services to differentiate themselves in the global economy, building and maintaining trust within their ecosystem of partners and customers becomes an even bigger priority.”

“Cyber attackers are constantly looking for opportunities, so the more businesses know about their techniques and tradecraft, the better prepared they will be to build defenses and respond quickly. Building organisational resilience and reducing risk by adopting a security approach that includes prevention, detection and response can make a huge difference in the overall cybersecurity health of a manufacturing organisation,” he added.

 

Bolstering Cybersecurity Using Artifical Intelligence

AI plays a critical role in manufacturing organisations as they increasingly rely on machine learning automation to increase their efficiency and output by scale while reducing cost and downtime through predictive maintenance. AI is also a powerful tool that can enable manufacturing organisations to defend themselves against increasingly sophisticated cyberattacks. The study revealed that 67 percent of manufacturing organisations in Asia Pacific have either adopted or are considering an AI-based approach to improve their security posture.

Cybersecurity solutions that are augmented with AI and machine learning capabilities can autonomously learn what is normal behavior for connected devices on the organisation’s network, and swiftly identify cyberthreats at scale through the detection of behavioral anomalies. Cybersecurity teams can also put in place rules that block or quarantine devices that are not behaving as expected before they can potentially damage the environment. These AI-powered cybersecurity engines enable manufacturing organisations to address one of their largest and most complex security challenges as they integrate thousands or even millions of IoT devices into their information technology (IT) and operational technology (OT) environments.

WANT MORE INSIDER NEWS? SUBSCRIBE TO OUR DIGITAL MAGAZINE NOW!

FOLLOW US ON: LinkedIn, Facebook, Twitter

 

Back To Top