HomeMix

GITEX 2021: ICS Computers in UAE subject to increased cyber threats when compared to worldwide

GITEX 2021: ICS Computers in UAE subject to increased cyber threats when compared to worldwide

At GITEX Technology Week 2021 Kaspersky highlights Cyber threats seen across the region. Cyber threats against ICS systems stand out as the most prominent. The UAE experienced a 4% increase in attacks against ICS computers during the first half of 2021 when compared to the same period last year. This stands higher than the global average which only increased by 1.2% for the same period.

Industrial control system (ICS) security oversees the safeguarding and protection of control systems used for monitoring industrial processes. Such systems are critical in keeping essential infrastructure functioning and they are increasingly under attack. The potential for critical system breakdown, production accidents, and even city-wide or national impact is increasing.

In Kaspersky’s “Threat Landscape for Industrial Automation Systems Report”, spyware, which is mostly deployed to steal money and information, are up by 0.6 percentage points in UAE. Simultaneously, malicious scripts grew by 2.7 percentage points. Threat actors use such scripts on various websites hosting pirated content to redirect users to sites that distribute spyware or malware designed to mine cryptocurrency without the user’s knowledge.

“The global trajectory is to move to digital services across the board. This also includes Industrial Control systems which today are increasingly connected. For many, this has translated in increased convenience and efficiency, but it also exposes them to cyberattacks. A worst-case scenario can result in total disruption of industrial processes. Depending on the criticality of an industrial object, the results can mean a loss of money, halt a global supply chain  or even lead to real-world, physical damages” said Emad Haffar, Head of Technical Experts for the Middle East, Turkey and Africa at Kaspersky.

ICS security is often overlooked because the devices fall somewhere in between ICT and engineering. Cyber Security today is everyone’s concern, it is no longer an option for the responsibility to lie with one department alone but rather across a few departments.

Based on their report’s findings, Kaspersky’s research team outlines a few steps organizations can take to ensure a secure ICS environment:

Conduct ICS assessment: An ICS security assessment will identify security flaws on all layers, starting from physical and network security.

Through the various tests that mimic common attacks, experts will separately analyse the software and hardware solutions used to control the industrial process and the systems connected to it – and most importantly, their vulnerabilities.

Choose the correct product: Security needs to evolve quicker than attackers, to protect industrial environments from cyber threats. As the number of threats targeting critical infrastructure increases, choosing the right advisor and technology partner to secure your systems becomes even more important. Kaspersky ICS products are purpose-built so that the organisation is secured and are designed to protect industrial operator panels, workstations, and servers.

Employee training is a critical part of ICS security: Human error due to a lack of cybersecurity knowledge and awareness is the leading cause of cyber-incidents. Training can be short and intensive, tailored for everyday users of computer-based systems as well as more in-depth for IT/OT security experts, ICS operators and engineers especially ones that do not have an IT background.

Private ICS Intelligence is essential: Intelligence services help ICS operators stay safe in the face of constantly emerging threats, and assists them in developing defensive strategies. Analytics, collected especially for a customer’s region will enhance cyber protection from targeted industrial cyber-attacks.

A service like Kaspersky’s ICS Hash Data Feed offers threat intelligence for the benefit of security operations, incident investigations and responses that are relevant to industrial control systems. It helps to focus on mitigating threats that are most relevant to the user’s industrial infrastructure and pose the most risk to the business.

While this provides a broad strategic approach to ICS security, the fact remains that a customised consultation, testing, and roadmap is absolutely essential. As with any mission-critical consideration, it is sound business sense to be prepared and equipped in advance.

COMMENTS