According to Kaspersky Lab, half of industrial control systems suffered a cyber attack
In 2018, 47.2% of industrial control systems were affected by cyber attacks, an increase compared to the previous year. Kaspersky gives some tips on how to keep your systems safe.
Attacks on industrial control systems (ICS) are certainly not new, as we unfortunately know. Last year a peak was reached: according to Kaspersky Lab, practically one ICS in two, 47.2%, was subject to some threat. Luckily, these were attack attempts that security systems blocked, but the percentages are still impressive. The most targeted countries were Vietnam, Algeria and Tunisia.
These were not targeted attacks on specific sensitive targets: in most cases, the researchers detected massively distributed malware, sent out in the hope of “catching” an interesting target among many, a bit like mass phishing.
“Despite common convictions, the main source of threat to computers in the industrial world is not represented by targeted attacks, but by massively distributed malware, which is able to accidentally penetrate industrial systems through the Internet, through removable media like USB keys, or via email,”
commented Kirill Kruglov, security researcher at Kaspersky Lab ICS CERT.
“These attacks often find a positive outcome due to a careless attitude towards cyber-security hygiene by employees. This means that we could work on prevention simply through a correct policy of training and awareness of the staff. It would be much easier to act in this direction than to try to stop certain threat perpetrators.”
The best defense? Constant training.
Kruglov reiterates what has long been repeated in cybersecurity: the human factor is often the main weakness of a system. Continuous training of personnel would greatly reduce the risk of infection, as would adopting the following preventive measures:
- Regularly update operating systems and application software on all systems that are part of the company’s industrial network.
- Apply security fixes to the PLCs (Programmable Logic Controllers), the RTUs (Remote Terminal Units) and the network resources used in the industrial control systems.
- Limit network traffic on the ports and protocols used on edge routers and within the organization’s OT networks.
- Check access to ICS components in the company’s industrial network and at its boundaries.
- Deploy dedicated endpoint security solutions on ICS servers, workstations and HMI devices.
- Ensure that security solutions are up to date and that all technologies recommended by vendors for protection against targeted attacks are enabled.
- Provide dedicated training and support to employees, as well as to partners and suppliers who have access to the industrial network.
- Use solutions for monitoring, analysing and detecting threats in ICS network traffic, to ensure better protection from potentially dangerous attacks that could affect technological processes and the main corporate resources.