A new report by Kaspersky has uncovered that nearly 90% of industrial organisations across sectors such as energy, manufacturing, and oil & gas have fallen victim to cyber-attacks in the past year.
The situation is even more dire in the energy sector, where a staggering 95% of organisations reported being targeted, often resulting in operational downtime and financial losses.
Rising Vulnerabilities in Industrial Sectors
The increasing adoption of connected and automated technologies in industrial settings has significantly expanded the attack surface, creating more entry points for cybercriminals.
David Emm, principal security researcher at Kaspersky, emphasised the gravity of the situation:
“Our research shows that cyber-attacks in industrial sectors are not a matter of ‘if,’ but ‘when.’ As businesses digitise and connect more of their operational technologies, the need for robust and holistic cybersecurity strategies has never been more pressing.”
Adding to the concern, Censys, an internet intelligence platform provider, reports that over 145,000 industrial control systems (ICS) are currently exposed to the internet worldwide. These systems are spread across 175 countries, with North America, Europe, and Asia being the most affected regions.
The Scottish perspective
In Scotland, the impact of cyber-attacks on industrial and public sector organisations has been equally severe, but measures are being taken to mitigate this.
The Scottish Environment Protection Agency (SEPA) fell victim to a major cyber-attack in 2021, and this in turn prompted them to work closely with the Scottish Government, Police Scotland, the National Cyber Security Centre (NCSC), and the Scottish Business Resilience Centre (SBRC).
The Scottish Government has taken proactive steps, through its Scottish Cyber Coordination Centre. A spokesperson for the Scottish Government stated: “We have implemented the Scottish Cyber Coordination Centre (SC3) with a strategic plan for 2024 to 2027, aimed at supporting and improving Scotland’s cyber resilience.”
The Kaspersky report highlights several critical areas of concern:
- IoT Vulnerabilities: 21% of decision-makers ranked IoT vulnerabilities as their top security concern.
- Human Factors: 18% identified insider threats as a persistent problem.
- Technical Complexity: 25% cited confusing technical jargon as a key barrier to understanding cybersecurity needs.
Experts recommend that organisations conduct regular risk assessments, implement robust security controls, and invest in employee training to mitigate these risks.
As cyber threats continue to evolve, it’s clear that industrial firms must prioritise cybersecurity to protect their operations and sensitive data.