Industrial companies can be prime targets for criminals because of their size, the importance of business processes, and their impact on the world and people's lives. A new report by Positive Technologies found that more than nine in 10 (91%) industrial organisations are vulnerable to cyber-attacks.
The study found that external attackers can penetrate the corporate network in all these organisations, and once inside, can obtain user credentials and complete control over the infrastructure in 100% of cases. In over two-thirds (69%) of these cases, external attackers can steal sensitive data from the organisation, including information about partners and company employees and internal documentation.
In addition, penetration testers from Positive Technologies gained access to the technological segment of the network of 75% of organisations. This then enabled them to access industrial control systems (ICS) in 56% of cases.
The sector is becoming a growing target
In 2020, the industrial sector was the second most popular target for hackers after the government sector: according to Positive Technologies analysis, 12% of attacks were aimed at industrial companies.
The main threats for industrial companies are espionage and financial losses. Thus, in 2020, hackers were mostly motivated by data theft (84% of cases), while financial gain was the aim of 36% of criminals.
Olga Zinenko, senior analyst at Positive Technologies, commented: “Today, the level of cybersecurity at most industrial companies is too low for comfort. In most cases, internet-accessible external network perimeters contain weak protection, device configurations contain flaws, and we find a low level of ICS network security and the use of dictionary passwords and outdated software versions present risks.”
There is a range of factors that make these organisations vulnerable to attackers, Positive Technologies noted. For example, during recent PT NAD pilot projects, its experts uncovered numerous suspicious events in the internal network of each industrial company.
The use of outdated software is another contributing factor, as well as saving connection parameters (username and password) in a remote access authentication form. This allows attackers to connect to the resources of an isolated segment without credentials when they obtain control over such a computer.
Taking the right steps to keep your organisation safe
Attacks are becoming more successful and the scenarios more complex. The main objective of information security specialists today is to assess the feasibility of various security risks in companies and identify possible consequences of cyberattacks, then build an efficient security system based on this knowledge.
The protection of the industrial sector requires modeling of critical systems to test their parameters, verify the feasibility of business risks, and detect security vulnerabilities. But assessing the possibility of most unacceptable cyber incidents on real-world infrastructure is nearly impossible.
Industrial companies are recommended to leverage cyber-ranges to help analyse the cybersecurity of production systems, and enable Infosecurity specialists to correctly verify the cyber events that are unacceptable to their business, evaluate their implications, and assess possible damage without disrupting real business processes.