Security
Cybersecurity for Industry 4.0
The Industrial Internet of Things (IIoT) is fueling the heterogeneity of systems and devices within companies. This increases the potential attack surface. Whether production line, IoT device or robot, everything is increasingly networked and therefore vulnerable.
By Milos Hrncar
Companies should pay particular attention to critical infrastructure systems - such as industrial control systems (ICS), which are used to control automation and production lines, among other things.
The big challenge: devices and systems used in industry, in particular, are often not yet equipped to fend off complex attacks, regardless of whether those attacks are targeted or reach the company by chance as part of widely spread malware.
According to a survey by Kaspersky Lab, three out of four industrial companies worldwide believe that they could fall victim to an ICS attack. However, only 52 percent have prepared adequate response measures for such incidents. There is therefore a need for action - both in terms of knowledge of the IT threat landscape and in terms of suitable cyber protection for Industry 4.0.
Collateral damage due to generic malware
Too often, the outdated view still prevails that physically isolating systems from the internet, the so-called "air gap", is sufficient as IT protection. However, in the age of Industry 4.0, most non-critical industrial networks are accessible via the internet. Research by Kaspersky Lab shows that industrial computers regularly fall victim to the same malware (malicious programs) that infects companies' conventional IT infrastructure, including Trojans, viruses and ransomware (blackmail software).
Ransomware infections can have serious consequences, and ransomware specifically designed to attack industrial systems could soon have features tailored to them. Instead of encrypting data, for example, it could disrupt operational processes or block access to important resources.
In addition to generic threats, ICS-specific malware and targeted attacks such as Stuxnet or BlackEnergy must also be considered as attack vectors in the industry. Even an infected USB drive or a single spear phishing email can lead to attackers overcoming the "air gap" and penetrating an isolated network.
Gateway for cyber criminals
There are various vulnerabilities that criminals prefer to use to penetrate networks:
Connections to the internet: Industrial control systems also have direct connections to the internet. This includes the intranet, direct internet connections, WLAN and dial-up modems. These connections are often not uniformly secured and therefore allow access for third parties, including cyber criminals.
Insufficient protection by firewalls: Firewalls only offer protection to a certain extent. This is because their security settings are often inadequate. More and more computers running SCADA (Supervisory Control and Data Acquisition) software for monitoring industrial plants are being attacked by "common" malware.
Vulnerabilities in SCADA systems: Exploits and targeted malware are currently being tailored to specific SCADA and ICS applications. In addition, commercially available SCADA specifications are accessible online and thus support hackers in their work.
Underestimating these cyber risks can have serious consequences. An adequate IT security strategy in the industrial sector therefore requires solutions and services that can deal not only with malware and targeted attacks, but also with many other cyber threats and risk factors.
Protection from the endpoint to the production line
Protective measures that meet the requirements of industrial control systems and an industrial infrastructure must consist of several levels. Suitable solutions such as Kaspersky Industrial CyberSecurity provide both products and services. The solution protects an ICS environment against cyber threats that can arise from both generic malware and targeted attacks. Risk factors and threats can be minimized by means of a whitelisting approach, device and connection control or by checking updates.
However, relying on technology alone is not enough today. Employees in industrial environments should therefore receive special training to raise awareness of the risk of social engineering attacks. For engineers, for example, IT security is a rather new topic. Nevertheless, a mistake at shop floor level can trigger a cyber security incident, for example via an infected USB stick. Training and awareness programs are therefore essential for employees in order to sensitize them to the potential gateways of cyber criminals and teach them how to deal with misconduct correctly. In addition, it is important to define the necessary security requirements as part of operational requirements and to document the current status of existing cyber security.
Cybersecurity meets traditional brewery
A recent example of such an audit is the cooperation between Kaspersky Lab and the Pilsner Urquell brewery. The aim here was to improve the resilience of the production lines and operational technology (OT) to cyber threats.
Kaspersky Lab conducted a comprehensive, minimally invasive security assessment, the Kaspersky Cybersecurity Assessment (CSA), via remote and on-site measures. The CSA process began with an audit of the infrastructure and the subsequent development of a threat model for two breweries and eight packaging lines within the production facility. The connections of the company network to the industrial site and the SCADA software used were examined. In addition, all uncontrolled external connections to and from the industrial shop floor level were identified. At the end of the infrastructure audit, Pilsner Urquell Brewery was provided with an overview of the vulnerabilities discovered, zero-day security gaps, information on possible attack vectors and practical recommendations for action.
The author: Milos Hrncar, General Manager DACH at Kaspersky Lab









