Survey Finds Over Half of Industrial Networks Cybersecurity Incidents Occur due to Employee Errors

Woburn, MA – August 21, 2019 – According to a new report from Kaspersky, 52% of incidents affecting operational technology and industrial control system (OT/ICS) networks last year were caused by employee errors or unintentional actions. The report, “State of Industrial Cybersecurity 2019,”[1] found this issue to be the result of the growing complexity of industrial infrastructures and a shortage of professionals who understand how to detect new threats as well as low awareness among existing employees.

According to the survey, digitalization of industrial networks and adoption of Industry 4.0 standards are a priority for many industrial companies. Four out of five organizations (81%) consider operational network digitalization to be an important or very important task for this year.

A majority (87%) of respondents confirmed that OT/ICS cybersecurity is becoming a top priority for industrial companies. However, to achieve the necessary level of protection, they need to invest in dedicated measures and have highly qualified professionals to make them work effectively. Despite stating it as a priority, only just over half of companies (57%) have allocated budget for industrial cybersecurity.

In addition to budget constraints, there is also a question over skilled staff. Organizations are not only experiencing a lack of cybersecurity experts with the right skills to manage protection for industrial networks, but also are worried that their OT/ICS network operators are not fully aware of the behavior that can cause cybersecurity breaches. These challenges make up the top two major concerns relating to cybersecurity management and directly correlates as to why employee errors cause half of all ICS incidents such as malware infections and more serious targeted attacks.

In almost half of the companies (45%) surveyed, the employees responsible for IT infrastructure security also oversee the security of OT/ ICS networks. Although operational and corporate networks are becoming increasingly connected, OT and ICS specialists can often have different approaches (37%) and goals (18%) when it comes to cybersecurity.

“This year's study shows that companies are seeking to improve protection for industrial networks. However, this can only be achieved if they address the risks related to the lack of qualified staff and employee errors,” said Georgy Shebuldaev, brand manager for Kaspersky Industrial Cybersecurity. “Taking a comprehensive, multi-layered approach that combines technical protection with regular training of IT security specialists and industrial network operators will ensure networks remain protected from threats and skills stay up to date.”

In addition to a technical and awareness boost for industrial cybersecurity, organizations must consider specific protection for Industrial IoT which can become highly connected externally. Almost half of companies (41%) are ready to connect their OT/ICS network to the cloud using preventive maintenance or digital twins.

“As this ARC Advisory Group survey conducted on behalf of Kaspersky reflects, the growing interconnection between IIoT edge devices and cloud services continues to stand as a security challenge,” said Dr. Jesus Molina, chair, IIC Security Working Group and director of business development, Waterfall Security Solutions. “It was a major driver for the creation of the IIC Industrial Internet of Things Security Framework as well as the subsequent best practices documents and recent IoT Security Maturity Model.”

Kaspersky has a dedicated portfolio of solutions and services that address the challenges facing industrial organizations. Kaspersky Industrial CyberSecurity combines protection for industrial endpoints and networks to deal with threats at operator and network level in ICS environments with advanced threat intelligence and incident response services. The product also provides training and a specially designed awareness program for cybersecurity experts and OT managers/ICS operators.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.

Media Contact:

Cassandra Faro
Cassandra.Faro@Kaspersky.com
781-503-1812

[1] Kaspersky survey conducted by ARC Advisory Group in spring 2019 across 282 industrial organizations across the globe.