In line with their commitment to increase awareness around sophisticated cyberthreats landscape at GITEX Technology Week 2018, Kaspersky Lab’s ‘State of Industrial Cybersecurity 2018’ survey highlighted the different opinions industrial and energy enterprises, as well as transport and logistics companies, have regarding the negative effects of cyberattacks on their industrial networks. However, when it comes to the issues affecting their ability to keep networks secure there are three key concerns they can agree on --- understaffing, underinvestment by senior management and the human factor. With over 40%[1] of ICS computers in the Middle East region facing attacks every 6 months, these cybersecurity gaps in critical infrastructure can significantly increase the risks for organizations. Algeria (66.2%), Morocco (60.4%), Egypt (57.6%) and Saudi Arabia (48.4%) are amongst the top countries that face attacks on its ICS systems.

Different fears

Depending on the industry, organizations have different assessments concerning the damage caused to their business by cyberthreats. For transport and logistics companies that build their business based on a service model, the most negative impact is losing customer confidence. But for the majority of manufacturing enterprises and energy companies, their biggest concern is compromising the quality of production due to a cyberattack.

Under-resourced and under-skilled

The task of protecting industrial networks often falls to those providing corporate information security. Globally, in 40% of manufacturing organizations, ICS protection is the responsibility of corporate IT security officers. Within transport and logistics companies, over half of those surveyed (58%) confirm that ICS safety is provided by a dedicated team working full-time to combat threats.

Industrial organizations, especially those with complex technological processes, need highly specialized, qualified employees to fill the gap. For example, in the energy sector, where national critical infrastructure is managed with the help of ICS, the main challenge when it comes to security management (61%) is hiring employees with the relevant skills.

Lack of top management involvement causes underfunding

In many enterprises, IT security is a priority for senior management, but in more than half (54%) of manufacturing companies globally, top management is little - if at all - involved in ICS protection issues, which results in underinvestment. Indeed, two-thirds (66%) do not have a dedicated budget for providing security of critical infrastructure. And this position remains unchanged, even in the event or risk of an incident, with 17% of manufacturing organizations not considering this a sufficient enough reason to invest in ICS security.

The human factor is an evergreen problem in ICS security

The consequences of employee errors pose a critical threat to half of all organizations worldwide and in all sectors (49%). This is not surprising, given that after malware and ransomware, it is the most common reason for security incidents in ICS (27%). According to a new report from Kaspersky Lab and B2B International*, almost (25%) data breaches in Middle East, Turkey and Africa in the past year have led to people losing their jobs. Fortunately, companies are aware of this problem and are trying to solve it by training personnel and creating rules of behavior on critical infrastructure objects. Our research shows that 82% of organizations around the world have already implemented training for employees, contractors and vendors.            

Whatever the most feared consequences for industrial organizations, the only way to prevent or lessen the effect of an attack is to put in place robust safety measures and procedures for ICS networks. Monitoring and timely responses to incidents on industrial networks should become key IT security priorities, along with educating and arming staff on how to minimize the risks to their business.

"Recent malware such as Industroyer and Triton have far exploited employee weaknesses, proving to be malicious threats to organizations and making it more evident that the cyberthreats landscape is evolving at an unprecedented pace. Incidents caused by actions of employees can lead to data breach and failure of business processes, as well asresult in huge financial losses and reputation damage. Keeping this in mind, GITEX serves as an ideal platform to focus our efforts in building awareness around this critical issue,” said Amir Kanaan, Managing Director for the Middle East, Turkey and Africa Kaspersky Lab. "Enterprises across the region have started to pay a bit more attention to ICS cybersecurity issues, and are evaluating the industrial segments of their networks, training employees, etc. It is a good sign, because it’s highly important for businesses to take proactive measures in order to avoid firefighting in future," he adds.

To learn more about the challenges faced by industrial organizations, read the full 'State of Industrial Cybersecurity 2018' report here. To find out how Kaspersky Lab can help protect your ICS network, please visit https://ics.kaspersky.com/.

 

-Ends-

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company celebrating its 20 year anniversary in 2017. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com

For further information please contact:
Yahya Munir
Senior Account Executive
Golin, Dubai
+971 50 396 8081
KasperskyTeam@golin.ae 
Global IT Security Risk Survey 2018
Middle East Data

© Press Release 2018

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.