It's bad enough when a cyber incident causes you to lose personal or company data. It's a whole other story when a cyber incident causes a town to lose access to its water supply or causes the power grid to malfunction.
According to Business Advantage and Kaspersky Lab's State of Industrial Cybersecurity 2017, cyber attacks on industrial control systems (ICS) can cost people their lives, cause companies to shut down, and have long-lasting effects on the planet.
But how often is this even happening?
In the past 12 months, 54% of companies surveyed suffered an ICS security incident. And one in five had experienced two separate events in the past year.
Even if the cause for concern is higher amongst these types of attacks, the security researchers found that the perceived threat actually outweighs prevalence, as outlined in the table below:
Malware was the most popular culprit behind attacks on ICS at 53%, followed by targeted attacks at 36%. But the highest cause for concern is the impact following a cyber attack.
“The cost of an attack can be enormous. Loss of human life, loss of natural resources are just some aspects, the actual cost can be very, very high. There will be fines and penalties as well imposed on the company as per the guidelines of the government,” said V. Suresh, Chief Engineer of Instrumentation, Oil and Natural Gas Commission of India (ONGC).
The average cost of an attack on an industrial control system was $347,603, businesses reported. The cost for larger companies (over 500 employees) was found to be even higher at $497,097.
Besides avoiding serious financial setbacks, other challenges in managing ICS security include finding the right employees and establishing security awareness.
Surprisingly, lack of budget is the least reported issue amongst those surveyed, according to the report.
“Getting the right people and updating their knowledge are the biggest challenges. As industrial cybersecurity is a very dynamic field, a lot of training is required," said Suresh.
Fifty percent of companies reported finding the right employees who have the right skill set as a major priority in preventing cyber attacks, with 48% reporting finding reliable partners as a major struggle.
Security researchers also found that organizations who allow third parties access to their data were 63% more likely to suffer a breach.
“Understanding what the impact [of a breach or attack] can be and if you have a risk management framework in place that will enable your people to understand what would happen, what would be the mitigation plans if something happens and who are the responsible people for that and raising the awareness of that is a huge factor," said Lars Janowski, Director and Head of Transformation Innovation & Technology Advisory at HKA Global, Australia. "That already can make about 50% of the problems go away. If you take the technical measures on top of that, I would say you are pretty safe."
View the full report and its findings here.
