Industrial controls at risk
According to a study, security budgets have grown. This is necessary, because cyber attacks on industrial control systems have doubled.
The Sans Institute, a global training and certification organization for information security, surveyed 196 experts from the ICS (Industrial Control Systems) environment who work for companies worldwide across all industries. The results of the study "Securing Industrial Control Systems 2017" demonstrate an increasingly insecure and complex working environment due to trends such as Industrial IoT (IIoT), targeted attacks on industrial controls (ransomware), but also a slight increase in budgets for audits and assessments in ICS networks.
Budgets increased
First, the positive news: 46% of respondents said their budgets for securing ICS systems increased last year compared to 2015. In the same breath, however, 69% believe the cyber threats to their systems have increased and should be classified as either severe or even critical.
"The threat of ransomware continues to grow and we have already seen two widespread attacks this year that have affected the operations of several critical industries. Cyber criminals are now adding malware capabilities that can reach ICS assets and also sabotage them. Recent examples include Mondelez Cadbury, Beiersdorf and Deutsche Bahn," said Doug Wylie, Director Industrials & Infrastructure Practice at Sans Institute.
There was no point in simply investing in systems, he said. Cybersecurity professionals remained the most important line of defense for secure operations. Investments that train employees and provide greater security awareness of best practices could be an effective way to mitigate the threat of growing threats, Wylie said.
Embedded controllers as a danger
35% of the ICS experts classify ransomware as an important threat, which has also almost doubled in 2016 compared to the previous year. The greatest threat, however, comes from devices that are integrated into networks as part of the IIoT and whose design is focused on functionality rather than security (44 %). 24% see embedded controllers in particular as the most vulnerable systems of all ICS systems if a security incident occurs.
However, respondents also already have security measures in place to mitigate the threat, with 36% having budgets to conduct security assessments and audits of ICS systems. Nearly half (48%) would assess their security systems against international security standards such as the "NIST Cyber Security Framework," it said.
