The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
# Industry News: Kaspersky Reports Volatile Threat Landscape for Industrial Systems in H1 2021
## Summary
Kaspersky’s ICS CERT division has released its semi-annual analysis of the industrial control systems (ICS) threat landscape, revealing that 33.8% of industrial computers faced cyber-attacks during the first half of 2021. The report highlights a significant rise in internet-borne threats and a shift toward more geographically targeted malicious activity against critical infrastructure.
## Key Details
- **Date:** September 9, 2021
- **Companies Involved:** Kaspersky (ICS CERT)
- **Category:** Market Analysis / Threat Intelligence Report
## The Story
The report analyzes statistical data from ICS computers protected by Kaspersky security products, categorized specifically as industrial infrastructure (OT/ICS environments). While the overall percentage of attacked computers decreased slightly compared to the end of 2020, the first half of 2021 saw an increase in the diversity of threats. Specifically, the report identifies the Internet as the primary source of infection (18.2%), followed by removable media and email clients.
Geographic disparities remain stark; while developed regions like Northern Europe saw attack rates as low as 8.1%, regions like Vietnam, India, and Algeria saw rates exceeding 40-50%. The data suggests that as industrial facilities continue their digital transformation journeys, the boundary between traditional IT and Operational Technology (OT) is blurring, exposing legacy systems to web-based threats they were never designed to handle.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Solidifies its position as a dominant provider of specialized OT security intelligence, leveraging its massive global sensor network to provide "on-the-ground" visibility that differs from traditional IT security telemetry.
### For Competitors
- **Competitive landscape impact:** Firms like Dragos, Claroty, and Palo Alto Networks must contend with Kaspersky’s deep visibility into emerging markets where industrial growth is high, forcing competitors to enhance their own global threat-hunting capabilities.
### For Customers
- **Impact on end users:** Industrial operators are alerted to the fact that "air-gapping" is largely a myth in the modern era; the rise in internet-borne threats indicates that even "isolated" systems are frequently exposed via maintenance connections or dual-homed systems.
### For the Market
- **Broader market implications:** The data reinforces the need for "Secure by Design" industrial components. The persistent threat to ICS environments is driving increased capital expenditure (CapEx) toward cybersecurity within industrial automation budgets.
## Technical Implications
The report highlights an increase in the use of specialized spyware and ransomware variants specifically targeting industrial data. There is a notable trend in the use of multifaceted attack chains where initial access is gained via the web, followed by lateral movement into the OT layer where legacy, unpatched protocols (like Modbus or S7) are exploited.
## Strategic Analysis
- **Market Positioning:** Kaspersky positions itself as the primary bridge between the IT and OT worlds, focusing on the "Industrial Cyber-Immunity" concept.
- **Competitive Advantage:** Access to data from a vast array of industrial endpoints in high-risk regions (Middle East, Asia) provides a data richness that Western-centric competitors may lack.
- **Challenges:** Ongoing geopolitical tensions continue to hamper Kaspersky’s adoption in certain Western government sectors, despite the technical depth of their ICS CERT findings.
## Industry Reactions
- **Analyst opinions:** Market analysts view this report as a confirmation that the "post-pandemic" digital acceleration in manufacturing has led to a wider attack surface.
- **Market response:** There is a growing consensus that general-purpose IT security tools are insufficient for the specialized needs of the ICS environment, as evidenced by the high percentage of threats blocked specifically by ICS-tailored protections.
## Future Outlook
- **Predictions:** Ransomware-as-a-Service (RaaS) groups are expected to increasingly focus on the manufacturing sector due to the high pressure to avoid downtime.
- **What to watch for:** Increased regulation globally regarding "Critical Infrastructure Protection" (CIP), forcing boards of industrial companies to treat cyber risk as a Tier-1 operational risk.
## For Security Professionals
Cybersecurity practitioners in the industrial space should focus on "egress filtering" for industrial networks. Given that the internet is the top infection vector, disabling unnecessary web access from engineering workstations and implementing robust USB device policies are no longer optional—they are foundational requirements for maintaining plant uptime.
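
One way to check whether egress filtering actually holds is to audit firewall flow logs for OT hosts reaching destinations outside an approved list. The following is an added example, not part of the Kaspersky report; the subnets, allowlist entries, log format and sample records are all constructed assumptions.

```python
import ipaddress

# Assumed (hypothetical) addressing plan, not taken from the report.
OT_NET = ipaddress.ip_network("10.20.0.0/16")      # engineering workstations, HMIs
EGRESS_ALLOW = [                                    # the only permitted off-network flows
    (ipaddress.ip_network("10.10.5.10/32"), 443),   # update relay in the DMZ
    (ipaddress.ip_network("10.10.5.20/32"), 123),   # time server
]

# Constructed sample firewall flow records: "src dst dport action".
SAMPLE_FLOWS = """\
10.20.1.15 10.20.1.40 502 allow
10.20.1.15 10.10.5.10 443 allow
10.20.1.15 192.0.2.44 443 allow
10.20.3.7 198.51.100.23 80 allow
10.20.3.7 198.51.100.23 80 deny
10.30.0.5 203.0.113.9 443 allow
bad line
"""

def audit_egress(text):
    """Return (findings, malformed_count) for OT-originated flows leaving OT_NET."""
    findings, malformed = [], 0
    for line in text.splitlines():
        parts = line.split()
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port, action = int(parts[2]), parts[3]
        except (IndexError, ValueError):
            malformed += 1          # count unparsable records instead of hiding them
            continue
        if src not in OT_NET or dst in OT_NET:
            continue                # not OT-originated, or traffic staying inside OT
        if any(dst in net and port == p for net, p in EGRESS_ALLOW):
            continue                # explicitly approved egress
        # An allowed flow off the allowlist is a rule gap; a denied one means the
        # filter worked but the host still tried and deserves a look.
        kind = "policy_gap" if action == "allow" else "blocked_attempt"
        findings.append((kind, str(src), str(dst), port))
    return findings, malformed

if __name__ == "__main__":
    findings, malformed = audit_egress(SAMPLE_FLOWS)
    for f in findings:
        print(*f)
    print("malformed lines skipped:", malformed)
```
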