Africa’s industrial cybersecurity challenges to 2023: We need to strengthen our defenses in energy and mining

Through 2022 (https://bit.ly/3wQqhGM), 40% of industrial control system (ICS) computers worldwide were attacked by malware. In Africa, the figure reaches 47%, according to Kaspersky (www.Kaspersky.co.za) ICS CERT*. The three countries monitored on the African continent with the highest number of attacks against ICS infrastructure were Ethiopia (62%), Algeria (59%) and Burundi (57%). Among others, Rwanda (46%), Kenya (41%), Nigeria and Zimbabwe (both 40%), Ghana (39%), Zambia (38%), South Africa and Uganda (both 36%). This is a threat to high growth in Africa that public institutions and private companies, especially in key sectors such as energy and mining, cannot ignore.

“With just one infected USB drive or one spear-phishing email, cybercriminals can bridge the air gap and infiltrate an isolated ICS network. As attacks on critical infrastructure increase, choosing the right approach to securing systems is more important than ever,” says Kaspersky. Brandon Muller, technology expert and consultant for the Middle East and Africa region.

Think of an ICS as a collection of personnel, hardware, and software that can affect the safe and reliable operation of industrial processes. IT is her one component of this environment, and operational technology (OT) is another key component. While traditional cybersecurity solutions focus on data-oriented businesses, ICS protection targets OT security for cyber-physical enterprises such as utilities, mining, and manufacturing.

Effective OT cybersecurity measures therefore include industrial endpoint protection to prevent accidental infections and make motivated intrusions more difficult; It should include OT network monitoring and anomaly detection, as well as dedicated expert services to survey infrastructure and conduct experts. Analyze, or mitigate the impact of an incident.

“However, despite all the innovations in modern cybersecurity solutions, human error still plays a significant role in compromising ICS systems. This requires utilities, mines, and others operating in industrial environments to consider building human firewalls,” adds Muller.

One of the best ways to achieve this is through proper security awareness and training solutions beyond basic training. Instead, it aims to provide workouts that are easily digestible, practical, and memorable, so they will always stick in your mind. Companies should provide training to ensure their staff are armed with the latest skills and knowledge, especially given how rapidly cyber incidents evolve.

Beyond human firewalls, there are sector-specific interventions to consider. For example, modern power systems are complex environments that require protection, automation, and control solutions that cover all areas of power plant operations. While there are technical challenges to securing this environment, organizational issues must also be considered. For example, there is a lack of guidance defining actions to be taken when suspicious activity is detected within automated systems. There is also a lack of documentation and practices regarding the investigation of faults in the technical environment, including malicious effects on control systems.

Mining is also a hotbed for potential attacks as the digital technologies of Industry 4.0 link key operational systems to data analytics and cloud environments. Miners face escalating cybersecurity threats but lack the in-house skills to adequately secure their OT and ICS environments. Combining ICS cybersecurity solutions with ongoing user education and training is non-negotiable, especially when lives are at stake.

“This is a holistic approach to ICS cybersecurity that incorporates components of hardware, software, and user awareness training to strengthen defense posture in all aspects of the OT security process,” says Muller.

For more information about Kaspersky Lab products for industrial cybersecurity, please visit https://ICS.Kaspersky.com/.

Kaspersky Industrial CyberSecurity is a portfolio of products and services specially designed by Kaspersky to protect operational technology layers and elements of industrial enterprises. Aimed at providing a holistic approach to industrial cybersecurity, Kaspersky Industrial CyberSecurity adds value to every stage of the OT security process, from cybersecurity assessment and training to advanced technology and incident response. bring.

reference:
*Kaspersky Industrial Control Systems emergency response team

Distributed by APO Group on behalf of Kaspersky.

For more information, please contact:
Nicole Allman
INK & Co.
[email protected]

Social media:
Facebook: http://bit.ly/3Oi5OTd
Twitter: http://bit.ly/3EhchZX
YouTube: http://bit.ly/3V722y6
Instagram: http://bit.ly/3UJCLuj
Blog: http://bit.ly/3TKrDfa

About Kaspersky:
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise translates into innovative security solutions and services that protect businesses, critical infrastructures, governments and consumers around the world. The company’s comprehensive security portfolio includes leading-edge endpoint protection and a number of specialized security solutions and services to combat sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technology, helping 240,000 enterprise clients protect what matters most. For more information, please visit www.Kaspersky.co.za.