Skip to main content

Industrial companies are prime targets for cyberattacks

security
(Image credit: Shutterstock / Golden Sikorka)

Cyberattacks against industrial organizations could have real-life, physical consequences, yet most of them are quite vulnerable to penetration, a new report states.

Experts from Positive Technologies recently analyzed security risks found in industrial companies and found that more than nine in ten (91 percent) could be attacked. The company’s penetration testers managed to gain access to the industrial control system (ICS) networks at 75 percent of these companies, as well.

The consequences of these attacks could be quite severe. Criminals could shut down entire productions, cause failures of various equipment, trigger chemical spills which could, at the end of the day, result even in employee death. Still, most of the time, criminals are interested mostly in espionage and theft of funds. 

“Today, the level of cybersecurity at most industrial companies is too low for comfort,” commented Olga Zinenko, Senior Analyst at Positive Technologies. “In most cases, Internet-accessible external network perimeters contain weak protection, device configurations contain flaws, and we find a low level of ICS network security and the use of dictionary passwords and outdated software versions present risks.”

In all of the cases analyzed, researchers are claiming, attackers can steal user credentials and obtain full control over the infrastructure. What’s more, at more than two-thirds of cases, criminals could steal sensitive data such as information on partners and employees, email correspondence, and various internal documentation. 

Positive Technologies’ recommendation for these companies is to leverage cyber-ranges to help analyze the cybersecurity of production systems. Furthermore, they should enable infosecurity specialists to correctly verify the cyber events that are unacceptable to their business, evaluate their implications, and assess possible damage without disrupting real business processes.