91 percent of industrial companies at risk of cyberattacks
Industrial businesses were the second most targeted sector in 2020 and new research from Positive Technologies shows that an external attacker could penetrate the corporate network at 91 percent of them.
In addition, Positive Technologies penetration testers gained access to the industrial control system (ICS) networks at 75 percent of these companies. Once criminals have obtained access to ICS components, they can shutdown entire production lines, cause equipment to fail, or incidents that could cause serious harm.
Olga Zinenko, senior analyst at Positive Technologies, says, "Today, the level of cybersecurity at most industrial companies is too low for comfort. In most cases, Internet-accessible external network perimeters contain weak protection, device configurations contain flaws, and we find a low level of ICS network security and the use of dictionary passwords and outdated software versions present risks."
The report reveals that, once inside the internal network, attackers can steal user credentials and obtain full control over the infrastructure in 100 percent of cases. At 69 percent of companies they can steal sensitive data, including information about partners and company employees, email correspondence, and internal documentation. But worrying is that at 75 percent of industrial companies Positive Technologies specialists managed to gain access to the technological segment of the network, which allowed them to then access actual industrial control systems in 56 percent of cases.
Industrial companies attract attacks because of their size, the importance of business processes, and their impact on the world and people's lives. According to the report, the main threats to industrial companies come from espionage and financial losses.
The full research is available from the Positive Technologies site.