Report: 91% of industrial companies vulnerable to hackers

Cyberattacks against industrial organisations could have serious consequences, yet most of them are vulnerable to penetration, finds Positive Technologies

Industrial companies can be prime targets for criminals because of their size, the importance of business processes, and their impact on the world and people's lives. A new report by Positive Technologies found that more than nine in 10 (91%) industrial organisations are vulnerable to cyber-attacks. 

The study found that external attackers can penetrate the corporate network in all these organisations, and once inside, can obtain user credentials and complete control over the infrastructure in 100% of cases. In over two-thirds (69%) of these cases, external attackers can steal sensitive data from the organisation, including information about partners and company employees and internal documentation.

In addition, penetration testers from Positive Technologies gained access to the technological segment of the network of 75% of organisations. This then enabled them to access industrial control systems (ICS) in 56% of cases.


The sector is becoming a growing target 


In 2020, the industrial sector was the second most popular target for hackers after the government sector, according to Positive Technologies analysis, 12% of attacks were aimed at industrial companies.

The main threats for industrial companies are espionage and financial losses. Thus, in 2020, hackers were mostly motivated by data theft (84% of cases), while financial gain was the aim of 36% of criminals.

Olga Zinenko, senior analyst at Positive Technologies, commented: “Today, the level of cybersecurity at most industrial companies is too low for comfort. In most cases, internet-accessible external network perimeters contain weak protection, device configurations contain flaws, and we find a low level of ICS network security and the use of dictionary passwords and outdated software versions present risks.”

There is a range of factors that make these organisations vulnerable to attackers, Positive Technologies noted. For example, during recent PT NAD pilot projects, its experts uncovered numerous suspicious events in the internal network of each industrial company. 

The use of outdated software is another contributing factor, as well as saving connection parameters (username and password) in a remote access authentication form. This allows attackers to connect to the resources of an isolated segment without credentials when they obtain control over such a computer.


Taking the right steps to keep your organisation safe 


Attacks are becoming more successful and the scenarios more complex. The main objective of information security specialists today is to assess the feasibility of various security risks in companies and identify possible consequences of cyberattacks, then build an efficient security system based on this knowledge. 

The protection of the industrial sector requires modeling of critical systems to test their parameters, verify the feasibility of business risks, and detect security vulnerabilities. But assessing the possibility of most unacceptable cyber incidents on real-world infrastructure is nearly impossible.

Industrial companies are recommended to leverage cyber-ranges to help analyse the cybersecurity of production systems, and enable Infosecurity specialists to correctly verify the cyber events that are unacceptable to their business, evaluate their implications, and assess possible damage without disrupting real business processes.



Featured Articles

SolarWinds: IT Professionals Worry about AI Integration Risk

A recent trends report by SolarWinds reveals that very few IT professionals are confident in their organisation's readiness to integrate AI

Qlik's Julie Kae: Leveraging Data to Improve Sustainability

In an exclusive interview with Qlik’s Julie Kae, she explores siloed data business challenges and how leveraging data can improve sustainability strategies

Study: More than Half of Companies Lack AI Innovation Skills

Research by SoftwareOne reveals a stark human skills gap in maximising AI and cloud potential, as 97% of companies prioritise upskilling workforces

Devoteam Expands into UK Market, Acquires Ubertas Consulting

Cloud Computing

NTT DATA: Outdated Tech Holding Back Global Organisations

Digital Transformation

CGG Rebrands to Viridien to Become an Advanced Tech Company

Cloud & Cybersecurity