According to Kaspersky’s report, it shows that 52% of Cyber-security Incidents in 2018 were caused by human error.

Here are the report’s findings:

1. Top 7 most common types of vulnerabilities within industrial control systems:
• Misconfigurations (34.7 percent)
• Vulnerabilities, patches and updates (26.7 percent)
• Identity and access management (12.9 percent)
• Insecure services enabled (7.9 percent)
• Architecture and network segmentation (7.9 percent)
• Encryption and authentication (5.9 percent)
• Other (2 percent)

2. Top 6 key trends identified within the industry:
• Greater public awareness of issues around industrial cybersecurity
• Closer integration of OT and IT systems
• The rapid proliferation of new and untested technologies
• An increase in the number of cyber-security regulations around the world
• The growth of cyber insurance
• The shortage of industrial cyber-security skills

3. Top 5 technical problems observed within the industry:
• Outdated and vulnerable software
• Inadequate network segregation
• Lack of system hardening
• Weak access control
• Insufficient logging and monitoring

4. Top 5 non-technical problems observed within the industry:
• Governance of cyber-security is low.
• Staff training and security awareness
• Business continuity plan
• Third party management
• Incident response planning

5. How do attackers get in? The report says:
• Vendors
• Remote operations
• IT/OT integration
• Industrial Internet of Things (IIoT) sensors and gateways
• Malware infection from remove-able media
• Poorly configured access points and modems

Condition Zebra (an International IT security services, Training and Certification provider) would like to share our views on this matter:

As we know, cyber attack is an alarming issue, organizations should take proactive actions to prevent such incidents from occurring. It is compulsory for every organizations to have their infrastructures go through a penetration test at least once a year. We, at Condition Zebra, would like to offer you an opportunity to perform FREE penetration testing for your infrastructure. Although this is a free of charge service, Condition Zebra is committed to provide the best penetration testing service for you. Do grab this opportunity while this promotion is still ongoing.

And it is very important to keep your first line of defense (your employees) well equipped with cyber-security skills. Check out our list of updated cyber-security trainings here.

Source: SecurityMagazine