The annual loss of the hottest industrial network

  • Detail

An investigation conducted by Kaspersky laboratory shows that in the past year, one of the two ICs (industrial control system) companies has experienced one to five safety accidents. On average, ineffective network security costs industrial organizations an average of $497000 a year. Although most industrial organizations think they are ready to deal with network safety accidents, their confidence does not seem to be sufficient

the emerging industry 4.0 trend makes network security the top priority of global industrial organizations and brings new challenges to ICs. Challenges include the integration of it and operational technology (OT) and the provision of industrial control networks to external suppliers. In order to better understand the problems and opportunities currently faced by ICS organizations, Kaspersky laboratories and business advantage conducted a global survey involving 359 industrial network safety practitioners from February to April 2017. One of the main findings of the survey is that there is a gap between people's reality and perception of ICs accidents. For example, although 83% of the respondents believed that they were ready to deal with ot/ics network threat accidents, half of the enterprises involved in the survey had experienced 1 to 5 it security accidents in the past 12 months, and 4% had experienced more than 6 security accidents. This leads to an important question - how should the IT security policies and protection means of these organizations be modified to protect the security of these key enterprise data and technical processes more effectively

safety accident experience: network threats in production sites

ics enterprises are aware of the risks they face: 74% of the surveyed enterprises believe that their infrastructure may be subject to network attacks. Although enterprises have improved their awareness of the latest threats such as targeted attacks and ransomware, the biggest pain point faced by ICS organizations is still traditional malware. 56% of the surveyed enterprises believe that this threat is still the main factor causing safety accidents. In this case, it is realistic to perceive that there are still a few shopping bags in the supermarket: in the past year, one of every two enterprises had to deal with the consequences of traditional malware infection

however, there is also a mismatch between employees' wrong and unintentional behavior - this poses a greater threat to ICS institutions than threats from the supply chain and partners, as well as damage and physical damage caused by external attacks. However, the top three threats that ICs agencies are most worried about include external attacks

meanwhile, the consequences of the top three IT security accidents include damage to product and service quality, loss of patents or confidential information, and production reduction or loss

security policy: from gate to network anomaly detection

86% of the surveyed enterprises have approved and archived ICs network security policies to protect enterprises from potential it security accidents. However, the accident experience shows that only network security strategy is not enough. Due to the lack of internal and external IT security expertise, industrial organizations acknowledge that the lack of expertise is their biggest concern in ICs security. This situation is very worrying because it shows that industrial institutions are not prepared to respond to attacks and are often on the verge of being attacked. Sometimes the attacker is still his own employee. "Internal threats are more dangerous. We are well protected by external threats, but internal threats will directly affect us. There is no firewall to prevent internal threats. We cannot prevent threats from employees," admitted an ICS practitioner from a German manufacturer

on the positive side, the safety strategy adopted by ICS practitioners will reduce the output air volume of the compressor, which looks quite stable. Most companies have abandoned the use of gates as a security measure and adopted comprehensive network security solutions. In the next 12 months, the enterprises participating in the survey plan to deploy industrial anomaly detection tools (42%) and staff safety awareness training load measurement using strain sensing IC digital measurement device training. Industrial anomaly threat detection is particularly relevant because half of the surveyed ICs companies admit that external providers can access the industrial control network in their organization, expanding the threat boundary

the increasing interconnection of it and ot systems has brought new security challenges, which require board members, engineers and it security teams to be fully prepared to deal with. They need to have a deep understanding of the threat environment, carefully consider the protection means, and ensure to improve the safety awareness of employees, ”Andrey, the head of key infrastructure protection of Kaspersky laboratory, whose process technology and product physical assets have reached the international advanced level, Suvorov said: "the network threat has gone deep into the workshops of the industrial control system, so it is best to be prepared to deal with it. For those enterprises that are fully conducive to customized security solutions that take into account the needs of ICs, it will be easier to eliminate potential safety accidents."

Copyright © 2011 JIN SHI