Virtualization Technology News and Information
Kaspersky finds OT security team shortage threatens protection in 19% of industrial organizations

A recent Kaspersky report has found that in 19% of industrial companies, a lack of operational technology (OT) security professionals is threatening their cyber protection. Overall, 66% of survey respondents have faced significant OT security staffing challenges such as overloaded employees and difficulties attracting qualified personnel. The report also revealed a general lack of investment in staffing and salaries.

Industry players have confirmed that the demand for OT/ICS security skills and specific expertise has been on the rise for the last several years due to threat escalations and the increased prevalence of IT/OT security frameworks and regulations.

According to the survey, industrial organizations have experienced significant staffing issues, including a lack of cybersecurity experts (19%), staff overloading (46%) and staff turnover (30%). Only 4% reported feeling absolutely no pressure with regard to human resources.

The report names underfunding as one of the possible reasons for this gap between the supply and demand of qualified employees. A lack of finances has led to a reduced headcount, with staffing being the most underfunded aspect of OT/ICS cybersecurity in every second organization (55%). Another 35% of respondents also named low salaries and compensation as a particular concern.

Overall, just under half (43%) of industrial organizations have dedicated OT/ICS security teams. Given the difficulty of recruiting skilled industrial cybersecurity specialists, many organizations are looking into outsourcing, with 58% already relying more heavily on external OT security service providers since the pandemic.

"To organize the cyber protection of an industrial enterprise, turning to a professional team like a managed security service provider (MSSP) is an effective option," comments Dmitriy Petrovichev, ICS CERT service group manager at Kaspersky. "However, if a business needs to have its own team of professionals, they can then involve expert organizations and CERTs with expert knowledge in finding vulnerabilities, detecting threats and investigating cyber-incidents who can train an in-house team to do the same. In addition to training OT cybersecurity professionals, it is also necessary to ensure that other staff members are aware of cybersecurity issues. Training in this area can be delivered through dedicated awareness programs, including face-to-face, online and e-learning courses. This can be a legal requirement for critical infrastructure enterprises."

Kaspersky suggests the following steps to mitigate the gap in OT/ICS security expertise:

  • Improve the general security awareness of any employees who interact with industrial computers to minimize the risk of attacks due to human error. This includes basic practices like not using ICS machines for personal needs and not installing unauthorized software on them.
  • Look into cybersecurity courses for IT/OT managers and engineers. Kaspersky ICS CERT suggests onsite security awareness training for IT, IT security and ICS specialists, an online module in the Kaspersky Automated Security Awareness platform, along with in-depth professional courses on digital forensics and incident response.

The full report, "Kaspersky ICS Security Survey 2022: The seven keys to improving OT security outcomes" is available for download here.

Published Tuesday, May 17, 2022 8:43 AM by David Marshall