Throughout 2022, 40% of industrial control system (ICS) computers globally were attacked with malware. In Africa, the figure sits at 47%, according to Kaspersky.
The three countries which experienced the most attacks on ICS infrastructure were Ethiopia (62%), Algeria (59%), and Burundi (57%). They are followed by Rwanda (46%), Kenya (41%), Nigeria and Zimbabwe (both stand at 40%), Ghana (39%), Zambia (38%) and South Africa and Uganda (both stand at 36%).
Kaspersky says this is a high growth threat landscape that no public or private sector entity can ignore – especially those within critical sectors like mining and energy.
“One infected USB drive or a single spear-phishing email is all it takes for cyber criminals to bridge the air gap and penetrate an isolated ICS network. Traditional security is not adequate to protect industrial environments from rapidly evolving cyber threats. As attacks against critical infrastructure increase, choosing the right approach to secure systems has never been more important,” says Brandon Muller, Kaspersky tech expert and consultant, MEA region.
Kaspersky defines ICS as a collection of personnel, hardware, and software that can affect or influence the safe, secure, and reliable operation of an industrial process.
IT is one component of this environment with operational technology (OT) another key element.
The cybersecurity company adds that while traditional cybersecurity solutions focus on data-oriented businesses, ICS protection is geared towards OT security where it’s all about cyber-physical companies, in sectors such as utilities, mining and manufacturing.
Kaspersky advises that to be effective, OT cybersecurity measures must include industrial endpoint protection to prevent accidental infections and make motivated intrusion more difficult. In addition, OT network monitoring and anomaly detection will help to identify malicious actions on the level of programmable logic controllers, and dedicated expert services to investigate the infrastructure, conduct expert analytics, or mitigate the impact of an incident.
However, despite all the innovation in modern cybersecurity solutions, human error still plays a significant role in compromising ICS systems. “As such, it needs to be managed much more proactively than is currently happening. This requires utility companies, mines, and others operating in the industrial environment to look at building a ‘human firewall’,” adds Muller.
Kaspersky says one of the best ways to achieve this is by making available the right security awareness and training solutions.
“It’s about delivering training that is easily digestible, practical, and memorable so it will always stay top of mind. Companies must provide training to ensure staff are armed with the very latest skills and knowledge, especially given how quickly cyber incidents evolve,” the company adds.
The human factor aside, there are sector-specific interventions that have to considered, Kaspersky continues.
It explains, “For instance, modern electrical power systems are complex environments requiring protection, automation, and control solutions covering all areas of electric power facility operation. Notwithstanding the technical challenges of securing this environment, organisational issues must also be considered. For instance, a lack of guides defining actions to be taken when suspicious activity is detected within automated systems. There is also a lack of documents and practices relating to the investigation of disturbances in technological environments including malicious influence on control systems.”
Another cybersecurity hotbed is the mining sector, also because 4IR technologies link operational systems to data analytics and cloud environments.
In the case of mining, the cybersecurity situation is exacerbated by a lack of in-house skills to adequately protect OT and ICS environments.
Kaspersky warns that ICS cybersecurity solutions must be combined with ongoing user education and training.
Muller Said, “It’s a holistic approach towards ICS cybersecurity that incorporates hardware, software, and user awareness training components that will result in a hardened defensive posture around all aspects of OT security processes”.