Half of industrial organizations believe IoT will transform ICS security

October 15, 2020

The digitalization of industrial infrastructure is underway, and 55% of organizations are confident that the Internet of Things, as one of its key aspects, will change the state of security in industrial control systems (ICS). According to Kaspersky’s recent report, 20% of organizations have already prioritized IoT-related incidents, but effective solutions against IoT threats are not yet widespread.

Industrial organizations continue to implement digitalization and Industry 4.0 standards. Even despite the market slowdown as a result of the COVID-19 pandemic, digitalization is still being adopted. At the same time, the growing number of digitalization projects, such as industrial IoT, raises awareness of the associated risks.

For one-in-five companies (20%), attacks on Industrial Internet of Things (IIoT) have already become one of their main cybersecurity concerns, bypassing such serious threats as data breaches (15%) or attacks on the supply chain (15%). Addressing them increasingly requires security professionals’ involvement, not just IT teams. In 2020, in almost half of the enterprises surveyed, IT security personnel are working on initiatives to protect digitalized OT systems (44%).

Alternatively, the report showed that not all organizations may feel ready to face threats to IoT. Only 19% of companies have implemented active network and traffic monitoring, and 14% have introduced network anomaly detection as these solutions allow security teams to track anomalies or malicious activity in IoT systems.

“While industrial enterprises will only increase the implementation of connected devices and smart systems, they should strive for the same efficiency level when it comes to protection,” said Grigory Sizov, head of KasperskyOS business unit. “To achieve this, protection should be built-in when a project is initiated, and for some companies, it should be done today. IIoT components must be secure at their core to eliminate the possibility of an attack on them. Along with traffic protection and other technologies, this makes the entire system secure by design and this means it becomes immune to cyber-risks.”

To ensure IIoT systems are used effectively and safely, Kaspersky experts provide organizations with the following advice:

Consider protection at the very beginning of IIoT implementation by using dedicated security solutions. For example, Kaspersky IoT Infrastructure Security solution is designed to safeguard industrial and business networks for IoT devices – including smart meters, controllers and others. Its key element is Kaspersky IoT Secure Gateway, based on KasperskyOS 1.
Assess the status of a device’s security before its implementation. Preferences should be given to devices that have cybersecurity certificates and products from those manufacturers that pay more attention to information security.
Conduct regular security audits and provide the security team responsible for protecting IoT systems with up-to-date threat intelligence.
Establish procedures for obtaining information on relevant vulnerabilities in software and applications, and available updates to ensure proper and timely responses to any incidents. ICS Threat Intelligence Reporting service provides insights into current threats and attack vectors, as well as the most vulnerable elements in OT and industrial control systems and how to mitigate them.
Implement cybersecurity solutions designed to analyze network traffic and detect anomalies and prevent IoT network attacks, then integrate the analysis into the enterprise network security system. Kaspersky Machine Learning for Anomaly Detection analyzes telemetry and identifies any suspicious actions in the network before it causes any damage.

To read the full report, ‘The State of Industrial Cybersecurity in the Era of Digitalization’, please visit the dedicated page on the Kaspersky website.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Half of industrial organizations believe IoT will transform ICS security

Related Articles

Related Events

Report Abusive Comment