(吉隆坡2019年八月22日讯)虽然有了自动化,但是人为因素仍然对工业流程带来很大的风险,。根据卡巴斯基(Kaspersky)的“State of Industrial Cybersecurity 2019”报告,去年52%影响运营技术和工业控制系统(OT / ICS)网络的事故都是源自员工的错误。工业基础设施日益复杂,它们需要更先进的保护和技能。但是,组织都缺乏专业人员来处理新的威胁和员工们的意识也低。
许多工业组织正在采用数字化和工业4.0标准化。五分之四的组织(81%)将运营网络数字化视为今年的一项重要任务。但是,这些基础设施都有网络安全风险。
好消息是,大多数(87%)受访者证实,OT / ICS网络安全正成为工业企业的首要任务。但为了达到必要的保护水平,他们需要投入专门的措施,并拥有高素质的专业人员,使他们有效地工作。尽管将其作为优先事项,但只有超过一半的公司(57%)拥有工业网络安全的分配预算。
除了预算限制之外,熟练员工是另外一个问题。组织不仅缺乏具备管理工业网络保护的正确技能的网络安全专家,还担心他们的OT / ICS网络运营商不完全了解而可能导致网络安全漏洞的事故。这些挑战构成了与网络安全管理相关的两大主要问题,并在某种程度上解释了为什么员工错误导致所有ICS事件的一半 – 例如恶意软件感染 – 以及更严重的针对性攻击。
在近一半的公司(45%)中,负责IT基础架构安全的员工也监督OT / ICS网络的安全性,将此任务与其核心职责相结合。这种方法可能带来安全风险:尽管运营和企业网络的联系日益紧密,但在网络安全方面,各方的专家可以有不同的方法(37%)和目标(18%)。
除了提高工业网络安全的技术和意识之外,组织还需要考虑对外部高度连接的工业物联网的特定保护:几乎一半的公司(41%)已准备好将其OT / ICS网络连接到云端,使用预防性维护或数字双胞胎。
卡巴斯基(Kaspersky)拥有专门的解决方案和服务组合,可以应对工业组织面临的挑战。Kaspersky Industrial CyberSecurity结合了对工业终端和网络的保护,以应对ICS环境中运营商和网络级别的威胁,并提供先进的威胁情报和事件响应服务。它还为网络安全专家和OT经理/ ICS操作员提供专业培训。
Kuala Lumpur, 22 August 2019 – Despite automation, the human factor can still put industrial processes at risk: employee errors or unintentional actions were behind 52% of incidents affecting operational technology and industrial control system (OT/ICS) networks last year. According to a new Kaspersky report “State of Industrial Cybersecurity 2019” , this issue is part of a wider, more complicated context. The growing complexity of industrial infrastructures demands more advanced protection and skills. But, organizations are experiencing a shortage of professionals to handle new threats and low awareness among employees.
Digitalization of industrial networks and adoption of Industry 4.0 standards are in the pipeline for many industrial companies. Four out of five organizations (81%) see operational network digitalization as an important or very important task for this year. However, for all the benefits that connected infrastructure brings, there are associated cybersecurity risks.
The good news is that OT/ICS cybersecurity is becoming a top priority for industrial companies, as confirmed by the majority (87%) of respondents. But to achieve the necessary level of protection, they need to invest in dedicated measures and have highly qualified professionals to make them work effectively. Despite stating it as a priority, only just over half of companies (57%) have the allocated budget for industrial cybersecurity.
In addition to budget constraints, there is also a question over skilled staff. Organizations are not only experiencing a lack of cybersecurity experts with the right skills to manage protection for industrial networks, but are worried that their OT/ICS network operators are not fully aware of the behavior that can cause cybersecurity breaches. These challenges make up the top two major concerns relating to cybersecurity management and go some way to explaining why employee errors cause half of all ICS incidents — such as malware infections — and also more serious targeted attacks.
In almost half of companies (45%), the employees responsible for IT infrastructure security also oversee the security of OT/ ICS networks, combining this task with their core responsibilities. Such an approach may carry security risks: although operational and corporate networks are becoming increasingly connected, specialists on each side can have different approaches (37%) and goals (18%) when it comes to cybersecurity.
“This year’s study shows that companies are seeking to improve protection for industrial networks. However, this can only be achieved if they address the risks related to the lack of qualified staff and employee errors. Taking a comprehensive, multi-layered approach – which combines technical protection with regular training of IT security specialists and industrial network operators – will ensure networks remain protected from threats and skills stay up to date”, comments Georgy Shebuldaev, Brand Manager, Kaspersky Industrial Cybersecurity.
In addition to a technical and awareness boost for industrial cybersecurity, organizations need to consider specific protection for Industrial IoT which can become highly connected externally: almost half of companies (41%) are ready to connect their OT/ICS network to the cloud, using preventive maintenance or digital twins.
Dr. Jesus Molina, Chair, IIC Security Working Group, and Director of Business Development, Waterfall Security Solutions suggests: “As this ARC Advisory Group survey conducted on behalf of Kaspersky reflects, the growing interconnection between IIoT edge devices and cloud services continues to stand as a security challenge. It was a major driver for the creation of the IIC Industrial Internet of Things Security Framework as well as the subsequent best practices documents and recent IoT Security Maturity Model”.
Kaspersky has a dedicated portfolio of solutions and services addressing the challenges facing industrial organizations. Kaspersky Industrial CyberSecurity combines protection for industrial endpoints and networks to deal with threats at operator and network level in ICS environments, with advanced threat intelligence and incident response services. It also provides training and a specially designed awareness program for cybersecurity experts and OT managers/ICS operators.
