Report: 91% of industrial companies vulnerable to hackers

Cyberattacks against industrial organisations could have serious consequences, yet most of them are vulnerable to penetration, finds Positive Technologies

Industrial companies can be prime targets for criminals because of their size, the importance of business processes, and their impact on the world and people's lives. A new report by Positive Technologies found that more than nine in 10 (91%) industrial organisations are vulnerable to cyber-attacks. 

The study found that external attackers can penetrate the corporate network in all these organisations, and once inside, can obtain user credentials and complete control over the infrastructure in 100% of cases. In over two-thirds (69%) of these cases, external attackers can steal sensitive data from the organisation, including information about partners and company employees and internal documentation.

In addition, penetration testers from Positive Technologies gained access to the technological segment of the network of 75% of organisations. This then enabled them to access industrial control systems (ICS) in 56% of cases.


The sector is becoming a growing target 


In 2020, the industrial sector was the second most popular target for hackers after the government sector, according to Positive Technologies analysis, 12% of attacks were aimed at industrial companies.

The main threats for industrial companies are espionage and financial losses. Thus, in 2020, hackers were mostly motivated by data theft (84% of cases), while financial gain was the aim of 36% of criminals.

Olga Zinenko, senior analyst at Positive Technologies, commented: “Today, the level of cybersecurity at most industrial companies is too low for comfort. In most cases, internet-accessible external network perimeters contain weak protection, device configurations contain flaws, and we find a low level of ICS network security and the use of dictionary passwords and outdated software versions present risks.”

There is a range of factors that make these organisations vulnerable to attackers, Positive Technologies noted. For example, during recent PT NAD pilot projects, its experts uncovered numerous suspicious events in the internal network of each industrial company. 

The use of outdated software is another contributing factor, as well as saving connection parameters (username and password) in a remote access authentication form. This allows attackers to connect to the resources of an isolated segment without credentials when they obtain control over such a computer.


Taking the right steps to keep your organisation safe 


Attacks are becoming more successful and the scenarios more complex. The main objective of information security specialists today is to assess the feasibility of various security risks in companies and identify possible consequences of cyberattacks, then build an efficient security system based on this knowledge. 

The protection of the industrial sector requires modeling of critical systems to test their parameters, verify the feasibility of business risks, and detect security vulnerabilities. But assessing the possibility of most unacceptable cyber incidents on real-world infrastructure is nearly impossible.

Industrial companies are recommended to leverage cyber-ranges to help analyse the cybersecurity of production systems, and enable Infosecurity specialists to correctly verify the cyber events that are unacceptable to their business, evaluate their implications, and assess possible damage without disrupting real business processes.



Featured Articles

Rich investors drawn to digital assets despite crypto crash

The world’s wealthiest people are sold on the concept of digital assets, as a new survey shows they are being used to construct more resilient portfolios

Five minutes with: Katie Nykanen, Group CTO at QA

Katie Nykanen, CTO at QA, on being a role model for girls and young women and her hopes for the future

Big business bets on real-time data and event-streaming tech

By 2025, 90 per cent of the world’s largest companies will use real-time intelligence to improve customer experience and other areas, new research predicts

Mind your language: Is NLP a natural fit for the Metaverse?

AI & Machine Learning

Cyberattacks make a big difference to manufacturing profits

Cloud & Cybersecurity

ICYMI: Space blockchains and 6G predictions for the future

Digital Transformation