Most Industrial Cyber Incidents Down To Human Error – Kaspersky
Cyber security incidents in industrial systems are mostly down to employee error, Kaspersky has warned in a new report.
The report, “State of Industrial Cybersecurity 2019”, found that employee errors or unintentional actions were behind 52% of incidents affecting operational technology and industrial control system (OT/ICS) networks in 2018.
Last month a number of large blue-chip industrial firms in Germany confirmed they have been subjected to cyber-attack. BASF and Henkel are chemical giants, Siemens makes power-generating kit among other things, and Roche is a drug company.
Industrial cyber incidents
Part of the problem for industrial entities is the shortage of professionals to handle modern cyber risks, coupled with low awareness among employees.
The problem is getting worse as more industrial groups change from manual processes to computer systems, some of which can be highly complex.
In March, for example, large Norwegian manufacturing firm Norsk Hydro admitted it had lost more than $40m, in the week following a devastating ransomware attack.
The Kaspersky report confirmed that industrial groups are increasingly recognising the importance of securing their systems, with 87 per cent of respondents agreeing that cybersecurity is becoming a top priority for industrial companies.
A fine sentiment, but the Kaspersky study also found that only just over half of companies (57 per cent) have the allocated budget for industrial cybersecurity.
Matters are not helped by a shortage of skilled staff.
“Organisations are not only experiencing a lack of cybersecurity experts with the right skills to manage protection for industrial networks but are worried that their OT/ICS network operators are not fully aware of the behaviour that can cause cybersecurity breaches,” the security experts said.
“These challenges make up the top two major concerns relating to cybersecurity management and go some way to explaining why employee errors cause half of all ICS incidents – such as malware infections – and also more serious targeted attacks,” it added.
Kaspersky said that in almost half of companies (45 per cent), the employees responsible for IT infrastructure security also oversee the security of OT/ ICS networks. It said this approach may carry security risks: although operational and corporate networks are becoming increasingly connected, specialists on each side can have different approaches (37 per cent) and goals (18 per cent) when it comes to cybersecurity.
“This year’s study shows that companies are seeking to improve protection for industrial networks,” said Georgy Shebuldaev, brand manager at Kaspersky Industrial Cybersecurity.
“However, this can only be achieved if they address the risks related to the lack of qualified staff and employee errors,” Shebuldaev added. “Taking a comprehensive, multi-layered approach – which combines technical protection with regular training of IT security specialists and industrial network operators – will ensure networks remain protected from threats and skills stay up to date.”
Kaspersky also warns organisations to consider specific protection for Industrial IoT which can become highly connected externally.
In April this year security officials at the German multinational pharmaceutical and life sciences giant Bayer AG reported that they detected and then contained a cyber attack.
The hackers using the Winnti malware had apparently gained access to Bayer’s network in early 2018 by using malware to spy on the company.
But security teams at Bayer reportedly detected the intrusion and covertly monitored it for over a year.
Industry: Cyber Security
- CONTRACT SOC Manager. London / Birmingham. URGENT Immediate role.
REF7847 Contract SOC Manager. SC cleared, London / Birmingham. Initial 3 month Contract. SOC Manager needed to for an URGENT 3-4 month CONTRACT. SC clearance is essential. The project is to aid in the setup, implementation and management of resources to help with the initial stand up stages of a new SOC within a greenfield site. This is a short term contract role whilst a permanent hire is brought on over the coming 3 to 4 months. Experience engaging with and managing client stakeholder relationships as well as 3rd party relationships is critical. The role will involve; setting up, implementing and fine tuning the various initial stages of a SOC environment. Experience establishing and building out technical process / operational capability, managing of technical teams (analysts, engineers and architects, creation of policy / playbooks, fine turning is key. SPLUNK is the tooling of choice… Interviewing immediately. Set up a call with me today on https://calendly.com/chris-holt/arranged-call-with-chris-holt-remote-soc-role Direct contact details Chris.Holt@dclsearch.com or 07884666351
- SPLUNK Level 3 SOC Consultant, SIEM Splunk, London / Birmingham
REF CH7825 Level 3 SOC Consultant, SIEM Splunk, London / Birmingham £55,000 + Level 3 SOC Consultant, SIEM SPLUNK needed. Security Clearance. Permanent role Level 3 SOC Consultant, SIEM SPLUNK needed to join a public sector client. The ability to achieve SC clearance is essential. MUST have experience working with SPLUNK ideally to an Advanced Power User level. Splunk Enterprise Security (ES) knowledge and hands on experience highly desirable. The role will include, but not be limited to; managing and handling incidents end to end, supporting and mentoring level 1 / level 2 staff, supporting the SOC manager in the delivery of the SOC roadmap, engaging with the client stakeholders (other technical teams) as and where needed, use case development, advanced search and reporting etc. The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) This is a permanent role To arrange a call with Chris Holt use this calendy link https://calendly.com/chris-holt/arranged-call-with-chris-holt-remote-soc-role Chris.Holt@dclsearch.com
- Aspiring Cyber Partner. Business lead, market maker.
Aspiring Cyber Partner (management consultancy) with Cyber specialism into Healthcare, Utilities and or Public Sector. Working with new and existing clients to help them solve, transform or evolve their cyber capabilities. MUST have; A proven management consultancy background in cyber. A history of identifying and closing new business opportunities. Currently Revenue generating / must be able to demonstrate recent wins. Client facing to board level with international businesses. Team leadership / mentoring experience. Extensive cyber industry experience. Digital transformation, Start-up environments etc. Experienced presenter at industry events, to be the public face of a business / capability. Breadth of knowledge across Cyber security. Service definition / creation. Would consider a senior director with experience delivering the above looking to step up. All conversations kept in confidence. To arrange a discreet call book a time to speak in my diary via https://calendly.com/chris-holt/cyber-partner-call Chris.Holt@dclsearch.com
- Internal Security Auditor, Level 1 Service Provider (ISO27001)
- Upto 65,000 plus benefits
Internal Security Auditor ISO 27001, PCI, needed to join a Cyber team within this expanding Fintech business. The Internal Security Auditor will have end to end responsibility for planning, delivering, remediating any findings etc. Experience working within financial services is highly desirable. This Is a great time to join a newly formed and growing Cyber team within a rapidly expanding fintech, that is taking a major share of its market. We are looking for someone with experience, (but not to be limited to) a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling etc. ISO 22301, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. Experience taking a company through accreditation is highly desirable Experience managing internal stakeholders, technical teams and external third parties essential Flexible working, but with the ability to get into London. This is an exclusive role to DCL Search & Selection.