Throughout 2022, 40% of industrial control system (ICS) computers globally were attacked with malware. In Africa, the figure sits at 47% according to Kaspersky ICS CERT. For countries monitored on the African continent, the three countries which experienced the most attacks on ICS infrastructure were Ethiopia (62%), Algeria (59%), and Burundi (57%). Among others, they are followed by Rwanda (46%), Kenya (41%), Nigeria and Zimbabwe (both stand at 40%), Ghana (39%), Zambia (38%) and South Africa and Uganda (both stand at 36%). This is a high-growth threat landscape in Africa that no public or private sector entity, especially in critical sectors like energy and mining, can ignore.
“One infected USB drive or a single spear-phishing email is all it takes for cyber criminals to bridge the air gap and penetrate an isolated ICS network. Traditional security is not adequate to protect industrial environments from rapidly evolving cyber threats. As attacks against critical infrastructure increase, choosing the right approach to secure systems has never been more important,” says Brandon Muller, Kaspersky tech expert and consultant in the Middle East and African region.
Think of an ICS as a collection of personnel, hardware, and software that can affect or influence the safe, secure, and reliable operation of an industrial process. IT is one component of this environment with operational technology (OT) another key element. While traditional cybersecurity solutions focus on data-oriented businesses, ICS protection is geared towards OT security where it is all about cyber-physical companies such as utilities, mining, manufacturing, and so on.
Effective OT cybersecurity measures must therefore include industrial endpoint protection to prevent accidental infections and make motivated intrusion more difficult, OT network monitoring and anomaly detection to identify malicious actions on the level of programmable logic controllers, and dedicated expert services to investigate the infrastructure, conduct expert analytics, or mitigate the impact of an incident.
“However, despite all the innovations in modern cybersecurity solutions, human error still plays a significant role in compromising ICS systems. As such, it needs to be managed much more proactively than what is currently happening. This requires utility companies, mines, and others operating in the industrial environment to look at building a Human Firewall,” adds Muller.
One of the best ways to achieve this is through the right security awareness and training solutions that go beyond basic training. Instead, it is about delivering training that is easily digestible, practical, and memorable so it will always stay top of mind. Companies must provide training to ensure staff are armed with the very latest skills and knowledge, especially given how quickly cyber incidents evolve.
Beyond the Human Firewall, there are sector-specific interventions to consider. For instance, modern electrical power systems are complex environments requiring protection, automation, and control solutions covering all areas of electric power facility operation. Notwithstanding the technical challenges of securing this environment, organisational issues must also be considered. One example is a lack of guides defining actions to be taken when suspicious activity is detected within automated systems. There is also a lack of documents and practices relating to the investigation of disturbances in technological environments, including malicious influence on control systems.
Mines are also hotbeds for potential attacks, especially at a time when Industry 4.0 digital technologies link key operational systems to data analytics and cloud environments. Mines are confronted by escalating cybersecurity threats but lack the in-house skills to adequately protect their OT and ICS environments. Combining ICS cybersecurity solutions with ongoing user education and training is non-negotiable, especially when human lives are at risk.
“It is a holistic approach towards ICS cybersecurity that incorporates hardware, software, and user awareness training components that will result in a hardened defensive posture around all aspects of OT security processes,” says Muller.
For more information on Kaspersky’s product offering for Industrial Cybersecurity, visit: https://ICS.Kaspersky.com/
Kaspersky Industrial CyberSecurity is a portfolio of products and services specially designed by Kaspersky to secure Operational Technology layers and elements of industrial enterprises. Aiming to provide a holistic approach to industrial cybersecurity, Kaspersky Industrial CyberSecurity brings value at any stage of the OT security process – from cybersecurity assessment and training to advanced technologies and incident response.