Report: 91% of industrial companies vulnerable to hackers

Share
Cyberattacks against industrial organisations could have serious consequences, yet most of them are vulnerable to penetration, finds Positive Technologies

Industrial companies can be prime targets for criminals because of their size, the importance of business processes, and their impact on the world and people's lives. A new report by Positive Technologies found that more than nine in 10 (91%) industrial organisations are vulnerable to cyber-attacks. 

The study found that external attackers can penetrate the corporate network in all these organisations, and once inside, can obtain user credentials and complete control over the infrastructure in 100% of cases. In over two-thirds (69%) of these cases, external attackers can steal sensitive data from the organisation, including information about partners and company employees and internal documentation.

In addition, penetration testers from Positive Technologies gained access to the technological segment of the network of 75% of organisations. This then enabled them to access industrial control systems (ICS) in 56% of cases.

 

The sector is becoming a growing target 

 

In 2020, the industrial sector was the second most popular target for hackers after the government sector, according to Positive Technologies analysis, 12% of attacks were aimed at industrial companies.

The main threats for industrial companies are espionage and financial losses. Thus, in 2020, hackers were mostly motivated by data theft (84% of cases), while financial gain was the aim of 36% of criminals.

Olga Zinenko, senior analyst at Positive Technologies, commented: “Today, the level of cybersecurity at most industrial companies is too low for comfort. In most cases, internet-accessible external network perimeters contain weak protection, device configurations contain flaws, and we find a low level of ICS network security and the use of dictionary passwords and outdated software versions present risks.”

There is a range of factors that make these organisations vulnerable to attackers, Positive Technologies noted. For example, during recent PT NAD pilot projects, its experts uncovered numerous suspicious events in the internal network of each industrial company. 

The use of outdated software is another contributing factor, as well as saving connection parameters (username and password) in a remote access authentication form. This allows attackers to connect to the resources of an isolated segment without credentials when they obtain control over such a computer.

 

Taking the right steps to keep your organisation safe 

 

Attacks are becoming more successful and the scenarios more complex. The main objective of information security specialists today is to assess the feasibility of various security risks in companies and identify possible consequences of cyberattacks, then build an efficient security system based on this knowledge. 

The protection of the industrial sector requires modeling of critical systems to test their parameters, verify the feasibility of business risks, and detect security vulnerabilities. But assessing the possibility of most unacceptable cyber incidents on real-world infrastructure is nearly impossible.

Industrial companies are recommended to leverage cyber-ranges to help analyse the cybersecurity of production systems, and enable Infosecurity specialists to correctly verify the cyber events that are unacceptable to their business, evaluate their implications, and assess possible damage without disrupting real business processes.

 

Share

Featured Articles

Nvidia Predictions: AI Infrastructure Set to Shift in 2025

Nvidia executives predict quantum computing breakthroughs, liquid-cooled data centres and autonomous agents will reshape enterprise computing landscape

Nvidia & AWS’s AI Breakthroughs at Re:Invent 2024

Nvidia & AWS showcase groundbreaking AI, robotics & quantum computing solutions at re:Invent 2024, changing enterprise AI deployment across industries

SAP and AWS Partner on AI-Powered Cloud ERP Platform GROW

Partnership between enterprise software firm SAP and cloud computing leader Amazon Web Services aims to speed cloud software adoption with generative AI

SAVE THE DATE – Cyber LIVE London 2025

Cloud & Cybersecurity

Amazon's New AI Chip Challenges Nvidia's Dominance

AI & Machine Learning

Wipro Cloud Deal Marks Marelli’s Data Centre Transformation

Digital Transformation