MOSCOW, May 22. According to MTS RED research, almost half of the hacker attacks carried out on industrial enterprises occur during non-working hours, the company’s press service reports.
According to analysts, since the beginning of the year the industry has faced more than 20 thousand attacks. The results of the study were presented” at the conference “Digital Industry of Industrial Russia” (CIPR).
During the section “Information security from one vendor through the eyes of CISO: fears and opportunities,” the company’s information security director Vitaly Medvedev said that approximately 15% of the attacks committed had the status of critically significant, that is, according to enterprises, they could lead to the interruption of key business processes or cause serious financial damage. The industry faces an average of approximately 160 cybersecurity incidents every day, including 24 critical incidents.
The study says that almost half (45%) of all attacks on industry occurred on weekends and holidays or during traditional non-working hours – from 19:00 to 09:00. At the same time, the share of critical incidents at night increased noticeably: from 12% during company business hours to 25% at night.
“Industry is one of the most interesting targets for hackers, especially politically motivated ones. We see both by the nature and timing of the attacks that in most cases, attackers are aimed at unnoticed penetration and long-term covert presence in the infrastructure of industrial enterprises, rather than a quick and a noticeable result. Therefore, monitoring of cyber threats in industry should be carried out around the clock, and their analysis should be carried out by specialists with extensive specialized experience,” said the company’s technical specialist Ilnaz Gataullin, as quoted by the press service.
The main vector of threats was bypassing security measures – the industry encountered attempts at such attacks in 34% of cases. In second place were potentially harmful actions of employees. In 11% these were illegitimate actions of administrators, in 6% – violations of information security policies by users.
Attempts to infect industrial companies with malware (malware) accounted for 4% of the total volume of attacks on the industry, but in total the industry accounted for about 20% of the total volume of incidents of this type. Previously, analysts reported that industry is attacked by Trojans more often than usual (61%). However, Trojans and worms used to attack industry are more likely than other industries to have credential theft and espionage functionality (38%) or data encryption (19%).
“Over many years of working in the media, I have seen several hundred reports from information security companies on cyber threats, indicating that the number of attacks is growing from year to year, from quarter to quarter. Attackers are constantly looking for new vulnerabilities and coming up with new scenarios and methods of attacks. Therefore, the issue of information security has always been important, and since 2022 it has become one of the key ones for business,” emphasized Ekaterina Kinyakina, editor of the “Technology and Telecommunications” department of the Vedomosti newspaper, her words are quoted by the press service.
At the same time During the discussion, experts stated that protection against all current cyber threats cannot be entrusted to one vendor.
“Now the role of information security in the fuel and energy complex is, of course, significant and highly relevant. Speaking about the choice of certain solutions existing in the Russian information security market, it should be remembered that approaches to this issue must be considered individually and comprehensively. We must build an effective and a centralized system for managing and monitoring all the company’s information security processes, without disrupting the main business processes,” said Mikhail Naumov, Director of the Information Security Department of Transneft PJSC.
According to Medvedev, the choice of a product should be based on its characteristics. He clarified that now, even the largest players in the information security market, not all products have the same high level of maturity.
“At the same time, in some cases, for example, in the case of complementary technologies, it makes sense to purchase them from one vendor or, as at least from vendors who guarantee the possibility of their mutual integration. In the current environment, protection against cyber threats requires a delicate balance of approaches,” Medvedev emphasized.
Recent Comments