Despite automation, human factor can put industrial processes at risk. A new report has revealed that employee errors or unintentional actions lead to over half of cybersecurity incidents in industrial networks.
Organisations are experiencing a shortage of professionals to handle new threats, said the report from cybersecurity firm Kaspersky.
Organisations are also worried that their operational technology and industrial control system (OT/ICS) network operators are not fully aware of the behaviour that can cause cybersecurity breaches, according to the report titled “State of Industrial Cybersecurity 2019”.
These challenges make up the two major concerns relating to cybersecurity management and go some way in explaining why employee errors cause half of all industrial control system incidents — such as malware infections — and also more serious targeted attacks.
In almost half of companies (45 %), the employees responsible for IT infrastructure security also oversee the security of OT/ ICS networks, combining this task with their core responsibilities.
Such an approach may carry security risks. Although operational and corporate networks are becoming increasingly connected, specialists on each side can have different approaches and goals when it comes to cybersecurity.
“This year’s study shows that companies are seeking to improve protection for industrial networks. However, this can only be achieved if they address the risks related to the lack of qualified staff and employee errors,” said Georgy Shebuldaev, Brand Manager, Kaspersky Industrial Cybersecurity.
“Taking a comprehensive, multi-layered approach — which combines technical protection with regular training of IT security specialists and industrial network operators — will ensure networks remain protected from threats and skills stay up to date,” Shebuldaev said.