Why cybersecurity is no longer enough to protect industries against hackers
In a classic Catch-22 situation, several critical infrastructure industries are increasingly relying on the Internet of Things (IoT) and Artificial Intelligence (AI) to automate parts of their operating model, thereby reducing overheads and increasing efficiency - but this means exposing their machinery to cyberattacks and all the risks that entails, including increasing cost of business.
While traditionally hackers have targeted consumer and corporate systems, they are now shifting their attacks to industrial systems where damages could be much more severe, said Eugene Kaspersky, CEO of Moscow-based multinational cybersecurity and anti-virus provider Kaspersky.
According to a recent Kaspersky report, almost one in three industrial computers was subject to malicious activity in the first half of 2021. These types of threats are growing for the second six-month period of the year and pose a big challenge to industrial control systems (ICS), the report indicated.
Can the Middle East produce a cyber-security firm to challenge Silicon Valley?
Bahrain is fast emerging as the regional leader in key ICT industries, such as gaming, internationally connected data centres, and now cybersecurity
“Hackers are gradually shifting from financial fraud towards industrial systems as more of these systems got connected to the internet during Covid and even now as industries are increasingly relying the IoT and AI,” Kaspersky told Arabian Business.
“The feedback we are getting from production companies so far is that they are not hacked yet, but they are detecting suspicious activity on their network. I am afraid it is just a matter of time before the hackers crack these systems and then the damage will be much more painful than attacks on office networks,” he continued.
To illustrate the severity of the effects of such industrial hacks, Kaspersky gave the examples of tracking devices and how smart cities use IoT for all elements of city life, from traffic lights to street cameras.
“If this data is lost, the city would be paralysed for a couple of days at least. All of us have got so reliant on technology, we have forgotten how to use our heads and that creates a very good opportunity for malicious cyber-criminals,” said Kaspersky.
Because of this potential to be hacked, some critical-services are reluctant to use IoT and AI.
Eugene Kaspersky, CEO of Kaspersky.
“There are a lot of new digital capabilities that would enhance performance across many industries – using data collected from algorithms, companies can automate their production thereby decreasing cost, optimise the costs, ensure quality throughout the production, and extend product-lines’ life,” said Kaspersky.
“But many such systems must be connected to the vendors for technical support and monitoring. If industry-heads see the hackers in the same space, it is a business-stopper. So many companies don’t want to do that because they don’t want to connect their expensive equipment or take risks if they are working in critical infrastructure projects as the damage can be critical,” he continued.
Kaspersky added: “In the past, hackers were like street robbers: a pesky problem certainly, but with no grave consequences. But now, when industrial systems are connected to the internet, it has become a critical issue. Hackers now have the power to disrupt and stop businesses.”
As such, cybersecurity is no longer enough and what is needed is “cyber immunity”, according to Kaspersky.
“Cybersecurity is like wearing the mask [to protect against coronavirus]. Cyber-immunity is the vaccine,” he said.
Hackers are gradually shifting from financial fraud towards industrial systems.
Kaspersky explained that, specifically for ICS, they’ve developed a bottom-up approach to security oversees the safeguarding and protection of control systems used for monitoring industrial processes by requiring permission for every layer of a process.
Speaking of Dubai and the UAE, Kaspersky said the “level of awareness when it comes to industrial cybersecurity is higher than many other regions”.
“Dubai is heading towards becoming a smart-city and here it is important to have good industrial cybersecurity because of all the data gathering that is needed to make this possible and the implications it would have,” he said.
Gloss