Most Industrial Cyber Incidents Down To Human Error – Kaspersky
.jpg)
Cyber security incidents in industrial systems are mostly down to employee error, Kaspersky has warned in a new report.
The report, “State of Industrial Cybersecurity 2019”, found that employee errors or unintentional actions were behind 52% of incidents affecting operational technology and industrial control system (OT/ICS) networks in 2018.
Last month a number of large blue-chip industrial firms in Germany confirmed they have been subjected to cyber-attack. BASF and Henkel are chemical giants, Siemens makes power-generating kit among other things, and Roche is a drug company.
Industrial cyber incidents
Part of the problem for industrial entities is the shortage of professionals to handle modern cyber risks, coupled with low awareness among employees.
The problem is getting worse as more industrial groups change from manual processes to computer systems, some of which can be highly complex.
In March, for example, large Norwegian manufacturing firm Norsk Hydro admitted it had lost more than $40m, in the week following a devastating ransomware attack.
The Kaspersky report confirmed that industrial groups are increasingly recognising the importance of securing their systems, with 87 per cent of respondents agreeing that cybersecurity is becoming a top priority for industrial companies.
A fine sentiment, but the Kaspersky study also found that only just over half of companies (57 per cent) have the allocated budget for industrial cybersecurity.
Matters are not helped by a shortage of skilled staff.
“Organisations are not only experiencing a lack of cybersecurity experts with the right skills to manage protection for industrial networks but are worried that their OT/ICS network operators are not fully aware of the behaviour that can cause cybersecurity breaches,” the security experts said.
“These challenges make up the top two major concerns relating to cybersecurity management and go some way to explaining why employee errors cause half of all ICS incidents – such as malware infections – and also more serious targeted attacks,” it added.
Kaspersky said that in almost half of companies (45 per cent), the employees responsible for IT infrastructure security also oversee the security of OT/ ICS networks. It said this approach may carry security risks: although operational and corporate networks are becoming increasingly connected, specialists on each side can have different approaches (37 per cent) and goals (18 per cent) when it comes to cybersecurity.
“This year’s study shows that companies are seeking to improve protection for industrial networks,” said Georgy Shebuldaev, brand manager at Kaspersky Industrial Cybersecurity.
“However, this can only be achieved if they address the risks related to the lack of qualified staff and employee errors,” Shebuldaev added. “Taking a comprehensive, multi-layered approach – which combines technical protection with regular training of IT security specialists and industrial network operators – will ensure networks remain protected from threats and skills stay up to date.”
IoT protection
Kaspersky also warns organisations to consider specific protection for Industrial IoT which can become highly connected externally.
In April this year security officials at the German multinational pharmaceutical and life sciences giant Bayer AG reported that they detected and then contained a cyber attack.
The hackers using the Winnti malware had apparently gained access to Bayer’s network in early 2018 by using malware to spy on the company.
But security teams at Bayer reportedly detected the intrusion and covertly monitored it for over a year.
source silicon
Industry: Cyber Security

Latest Jobs
-
- Senior Presales Consultant | Managed Security Services | London
- London
- N/A
-
Senior Presales Consultant – Managed Security Services Location: London-commutable (Hybrid) A well-established cyber consultancy is seeking a Senior Presales Consultant to drive growth across its managed security services / advisory portfolio. This hybrid role bridges commercial and technical expertise supporting solution design, shaping customer proposals, and guiding conversations from scoping through to delivery. Key experience: Background in managed security services, including SOC operations and threat detection Strong knowledge of cloud and on-prem security tooling (SIEM, EDR, IAM) Penetration testing Proven ability to translate technical concepts into clear business value Confident in customer-facing engagements and pre-sales delivery Experience contributing to bids, proposals, and RFI/RFP responses To find out more contact me on 07884666351 Visa sponsorship is unfortunately not available for this role.
-
- New Business | Cyber Security | Overlay sales (UK Based- London commutable)
- London
- N/A
-
New Business Sales Hunter needed | Cybersecurity (UK Based- London commutable) Are you looking for uncapped commission, a fun and sociable team that drives success with no politics? If so...You must Have a demonstrable history of sales success in Cyber Security Follow Weatons law. The role: Seeking a proven New Business Sales Hunter to join an established, successful and expanding team. New business focused - £500-750 GP Sell a blend of security services & professional services. Ideal experience selling some or all of the following Cyber strategy & risk management Managed detection & response (MDR) Penetration testing Compliance & audit support You: Strong cybersecurity/IT services sales track record. Confident selling into mid-market & enterprise. UK based - London commutable Hunter mindset, full sales cycle ownership. Don't just send an email to apply give me a call on 07884666351
-
- New Business Sales Hunter | Cyber Security (UK Based)
- London
- To attract the right person
-
New Business Sales Hunter needed | Cybersecurity (UK Based) Are you looking for uncapped commission, a fun and sociable team that drives success with no politics? If so...You must Be UK based - and able to achieve UK SC clearance. (sorry no visas) Have a demonstrable history of sales success in Cyber Security Follow Weatons law. The role: Seeking a proven New Business Sales Hunter to join an established, successful and expanding cyber security firm. New business focused - £1m GP year one target (ramped). Sell a blend of security services & professional services. Ideal experience selling some or all of the following Cyber strategy & risk management Managed detection & response (MDR) Penetration testing Compliance & audit support You: Strong cybersecurity/IT services sales track record. Confident selling into mid-market & enterprise. UK based - London commutable 1x per week. Hunter mindset, full sales cycle ownership. Don't just send an email to apply give me a call on 07884666351