An external attacker can penetrate the corporate network at 91% of industrial organizations, according to a study by Positive Technologies.
And, once inside the internal network, attackers can steal user credentials and obtain full control over the infrastructure in 100% of cases, and at 69% of companies, they can steal sensitive data, including information about partners and company employees, email correspondence and internal documentation.
“Today, the level of cybersecurity at most industrial companies is too low for comfort. In most cases, internet-accessible external network perimeters contain weak protection, device configurations contain flaws and we find a low level of ICS network security and the use of dictionary passwords and outdated software versions present risks,” says Olga Zinenko, senior analyst at Positive Technologies.
- Once criminals have obtained access to ICS components, they can shut down entire productions, cause equipment to fail, trigger chemical spills and even industrial accidents that could cause series harm or death to industrial employees.
- According to the report, the main threats for industrial companies are espionage and financial losses.
- More than any other industry, the protection of the industrial sector requires modeling of critical systems to test their parameters, verify the feasibility of business risks and detect security vulnerabilities.