“More than three-quarters of the operational technology (OT) and Industrial control systems (ICS) companies feel that they are likely to become a target of a cybersecurity attack,” said the Kaspersky Labs’ recent report on “The State of Industrial Cybersecurity 2018”.
The survey, carried out by PAC on behalf of Kaspersky Lab of 320 worldwide professionals with decision-making power on OT/ICS cybersecurity, is aimed at finding the needs of OT/ICS companies, their priorities, concerns, challenges they face, as well as external and internal factors that impact industrial cybersecurity, and the best practices adopted.
According to the survey, over three-quarters of the participants stated that OT/ICS cybersecurity is a major priority. These companies also felt the likelihood of cyber attacks. “Despite this, only 23% are compliant with minimal mandatory industry or government guidance and regulations around cybersecurity of industrial control systems. On the other hand, the vast majority of the companies surveyed are increasing their OT/ICS cybersecurity investments or keeping them at least steady,” the survey pointed out.
On the bright side, more than half of the companies did not experience any incident in the last one year. But most of these companies seemed underprepared, and they have only joined the digitization bandwagon. Moreover, many a time, companies do not detect or even track attacks. And for the rest that witnessed incidents and attacks, it had a “relevant negative impact” on their business.
One alarming trend was that there has been a low maturity rate, given the nature of ICS/OT industries. The report points out the criticality of collaborations between IT and OT teams. “IT and OT people have different goals, processes, tools, and languages, but they must collaborate if they want to protect the OT/ICS space that is more and more blended with the IT space,” the report stated.
“Although it appears there are incremental improvements in several areas of addressing OT cybersecurity risk, it is discouraging to see that for the most part we still lack significant progress across the board when it comes to dedicating resources to these challenges. As we increase the level of automation in our critical infrastructures, we MUST take security issues seriously,” Marty Edwards, Managing Director, Automation Federation, USA, was quoted.