Kaspersky: the state of industrial cybersecurity in 2020

For Kaspersky, 2020 was a special year for surveying; the COVID-19 pandemic and subsequent industry lockdowns opened up industrial cybersecurity for brand new challenges that it hadn’t previously faced. Some existing cybersecurity methods were strained, and industry experts have been quick to identify the majority of weak points exposed. Many industrial companies now have a very simple, but vital question: ‘How must the cybersecurity maturity model be adapted to provide effective protection in the digital age?’

The Key Findings Of The Report

The report also brings to light the question of how industrial control systems (ICS) cybersecurity drivers dealt with threat challenges during the pandemic. This has been brought up because ICS and the automation components used within them haven’t ever been considered as a security risk historically; any faults found were often related to defects in the hardware and software. However, as the world becomes increasingly digital, and the Internet of Things (IoT) interconnects more and more components, physical assets can now be targeted for manipulation, and even destruction by cyberattacks and criminal organisations─who are ceasing this development as an opportunity to exploit ICS as a business model. 

With that in mind, Kaspersky suggests that it is time for industrial control system users to invest in with “new, modern security methods to detect attacks and initiate countermeasures”. 

As we already know, the majority of businesses have changed the way that they operate during the pandemic ─ primarily, to a ‘work from home’ format. According to the report, 53% of respondents have been operating with a remote workforce, which was a stress test for cybersecurity processes. Due to this, 14% revised their cybersecurity concepts, and only 7% found that their existing models and strategies were up to the task of protecting their remote workers. For those who didn’t have sufficient cybersecurity plans, they realised that “they need to supplement [the] procedures during exceptional circumstances.” 

ICS Cybersecurity Drivers

Due to the complexity of ICS, in the majority of organisations today, all budgets are decided by interdisciplinary teams. Kaspersky advises that the “best way to find suitable protection measures is to consult experts from different fields”, including specialists in IT, ICS, safety, and production. 67% of the respondents reported that a team of experts akin to this is growing increasingly popular and influential in the decision-making process surrounding cybersecurity in their own firms. 

Many of the companies involved in the report stated that they “expect certain benefits from digitisation”, including improved efficiency in the workplace. This is to be expected, given that human and tech augmentation is explicitly designed to up the ante, and it’s entirely plausible. However, as interconnected devices influence the operational technology (OT) topology, the ICS cybersecurity maturity models that they rely on need to be updated too. “55% of respondents confirmed that their OT networks are checked for security issues at least once a year or more often”, while 44% focus on cybersecurity initiatives daily during their digital transformations. 

These figures suggest that the important principles for basic cybersecurity protection are pretty much in place, but that there still needs to be a degree of education and implementation over the coming years, to ensure that all industrial organisations have sufficient cybersecurity to ward off any potential threats in an increasingly dangerous world.