Adedapo Adesanya
By Adedapo Adesanya
Global cybersecurity company, Kaspersky, has noted that more than 30 per cent of industrial computers in Nigeria and other African regions were attacked in the first half of the year.
Industrial Control Systems (ICS) computers are used in oil and gas, energy, automotive manufacturing, building automation infrastructures, and other spheres to perform a range of OT functions – from the workstations of engineers and operators to supervisory control and data acquisition (SCADA) servers and Human Machine Interface (HMI).
According to the ICS threat landscape report by Kaspersky, in the first half of 2022, in the African regions, computers in the environment were attacked using multiple means – malicious objects, phishing pages, and spyware.
Cyberattacks on industrial computers are considered extremely dangerous as they may cause material losses and production downtime for the controlled production line and the facility as a whole. Moreover, industrial enterprises put out of service can seriously undermine a region’s social welfare, ecology, and macroeconomics.
Giving a breakdown of malicious objects blocked in Nigeria, the Kaspersky report showed that 34 per cent of malicious objects were blocked. 13 per cent of malicious scripts and phishing pages were blocked in Nigeria, and 8 per cent of spyware were blocked in the country.
Speaking on this, Mr Emad Haffar, Head of Technical Experts at Kaspersky, said, “Sophisticated attacks have increased the demand for better visibility of the cyber-risks that impact industrial control systems. Integrating IT and OT systems has highlighted the need for a comprehensive yet purposely built cybersecurity programme.
“Digital transformation programmes require a new approach to ensure the secure deployment and operation of a variety of new, potentially unsafe devices within plant boundaries. Given this new reality, the Industrial Cybersecurity Maturity Modeling approach might be used to define clear industrial cybersecurity targets and to measure how these targets are met.”
In the first half of 2022, in the Middle East, Turkey, and Africa (META) region, ICS computers in the oil and gas sector often faced attacks (47 per cent of them got attacked). Attacks on building automation systems were in second place – 45 per cent of ICS computers in this sector were targeted. The energy sector was also among the top 3 environments that got attacked (41 per cent of computers there were affected).
In total, over the last six months, various types of malicious objects were blocked on every third ICS computer in South Africa (33 per cent, 11 per cent increase from the second half of 2021), and on 36 per cent of computers in Kenya (20 per cent increase from the second half of 2021). In Senegal, there were 41 per cent of ICS computers on which malicious objects were blocked, in Nigeria – 34 per cent, in Gabon – 38 per cent.
To keep OT computers protected from various threats, Kaspersky experts recommended that there was a need to conduct regular security assessments of OT systems to identify and eliminate possible cyber security issues; establish continuous vulnerability assessments, and triage as a basement for effective vulnerability management process as well as improving the response to new and advanced malicious techniques by building and strengthening your teams’ incident prevention, detection, and response skills.
