The digitalization of industrial
infrastructure is underway, and 55% of organizations are confident that the
Internet of Things, as one of its key aspects, will change the state of
security in industrial control systems (ICS). According to Kaspersky's
recent report, 20% of organizations have already prioritized
IoT-related incidents, but effective solutions against IoT threats are not yet
widespread.
Industrial organizations continue to implement
digitalization and Industry 4.0 standards. Even despite the
market slowdown as a result of the COVID-19 pandemic, digitalization is
still being adopted. At the same time, the growing number of digitalization
projects, such as industrial IoT, raises awareness of the associated risks.
For one-in-five companies (20%), attacks on Industrial
Internet of Things (IIoT) have already become one of their main cybersecurity
concerns, bypassing such serious threats as data breaches (15%) or attacks on
the supply chain (15%). Addressing them increasingly requires security
professionals' involvement, not just IT teams. In 2020, in almost half of the
enterprises surveyed, IT security personnel are working on initiatives to
protect digitalized OT systems (44%).
Alternatively, the report showed that not all organizations
may feel ready to face threats to IoT. Only 19% of companies have implemented
active network and traffic monitoring, and 14% have introduced network anomaly
detection as these solutions allow security teams to track anomalies or
malicious activity in IoT systems.
"While industrial enterprises will only increase the
implementation of connected devices and smart systems, they should strive for
the same efficiency level when it comes to protection," said Grigory Sizov,
head of KasperskyOS business unit. "To achieve this, protection should
be built-in when a project is initiated, and for some companies, it should be
done today. IIoT components must be secure at their core to eliminate the
possibility of an attack on them. Along with traffic protection and other
technologies, this makes the entire system secure by design and this means it
becomes immune to cyber-risks."
To ensure IIoT systems are used effectively and safely,
Kaspersky experts provide organizations with the following advice:
- Consider protection at
the very beginning of IIoT implementation by using dedicated security
solutions. For example, Kaspersky IoT Infrastructure Security solution is
designed to safeguard industrial and business networks for IoT devices -
including smart meters, controllers and others. Its key element is
Kaspersky IoT Secure Gateway, based on KasperskyOS.
- Assess the status of a
device's security before its implementation.
Preferences should be given to devices that have cybersecurity
certificates and products from those manufacturers that pay more attention
to information security.
- Conduct regular security
audits and provide the security team responsible for protecting IoT
systems with up-to-date threat intelligence.
- Establish procedures for
obtaining information on relevant vulnerabilities in software and
applications, and available updates to ensure proper and timely responses
to any incidents. ICS Threat
Intelligence Reporting service provides insights into current threats
and attack vectors, as well as the most vulnerable elements in OT and
industrial control systems and how to mitigate them.
- Implement cybersecurity
solutions designed to analyze network traffic and detect anomalies and
prevent IoT network attacks, then integrate the analysis into the
enterprise network security system. Kaspersky
Machine Learning for Anomaly Detection analyzes telemetry and
identifies any suspicious actions in the network before it causes any
damage.
To read the full report, ‘The State of
Industrial Cybersecurity in the Era of Digitalization', please visit the
dedicated
page
on the
Kaspersky
website.