Full Report
Kaspersky ICS CERT experts virtually provided ICS Training for Executives
Analysis Summary
# Industry News: Kaspersky Delivers Executive ICS Awareness Training
## Summary
Kaspersky ICS CERT successfully conducted its first virtual, promotional Industrial Cybersecurity (ICS) Executive Training session on November 17, 2020, reaching 51 executives from 22 countries. This outreach effort underscores the growing recognition that industrial control systems are a significant target, requiring dedicated C-suite awareness regarding ICS-specific threats and operational differences from traditional IT.
## Key Details
- Date: November 17, 2020 (Announcement date derived from publication date: December 1, 2020)
- Companies Involved: Kaspersky ICS CERT
- Category: Company Announcement / Service Offering Promotion
## The Story
Kaspersky ICS CERT experts delivered a shortened version of their 3-hour Industrial Cybersecurity Executive Training virtually. The session covered cybersecurity basics in industrial systems, the differences between ICS and IT networks, the impact of IoT on ICS security, and included a demonstration of an attack on a virtual company's IT segment. The training received exceptionally high feedback, with 90% of participants reporting that the training met their expectations and intending to roll out similar awareness programs for their own employees. This indicates strong pent-up demand among industrial leadership for actionable security education tailored to Operational Technology (OT) environments.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Successfully validated the demand and format for their specialized executive training product, generating positive testimonials, immediate customer intent for further training uptake, and bolstering their reputation as a thought leader in the critical infrastructure protection space.
### For Competitors
- Competitors offering general cybersecurity training may find themselves at a disadvantage unless they can demonstrate equivalent, specialized expertise in the nuances of OT/ICS security tailored for management audiences.
### For Customers
- Existing and potential Kaspersky customers gain access to vital education designed to bridge the gap between executive decision-making and operational technology requirements, reducing the risk posed by human error or unawareness at the leadership level.
### For the Market
- Highlights the increasing need for robust, tailored security education for non-technical decision-makers in industrial sectors, signaling a maturation in how organizations view cyber risk management across the IT/OT convergence.
## Technical Implications
The training touched upon the critical technical differentiators between IT and ICS environments, including demonstrations of attacks against OT segments, emphasizing that generic IT security frameworks are insufficient for protecting industrial operations.
## Strategic Analysis
- **Market Positioning:** Kaspersky is strategically positioning itself not just as a vendor of security tools, but as a comprehensive partner offering educational services crucial for building organizational cyber resilience in the industrial sector.
- **Competitive Advantage:** By focusing training specifically on executive understanding—ensuring budget allocation and strategic alignment—Kaspersky addresses a pain point often ignored by technical vendors, creating a strong entry point into broader security contracts.
- **Challenges:** Scaling the delivery of high-quality, specialized training globally while maintaining the tailored, expert-level interaction demonstrated in this pilot remains a logistical challenge.
## Industry Reactions
- **Analyst opinions:** Analysts likely view this as a positive indicator of executive engagement in OT security, validating Gartner/Forrester predictions about the necessity of cross-functional security awareness programs.
- **Expert commentary:** Experts consistently point to insider threats or misconfigurations stemming from poor executive oversight as major vectors in industrial incidents, making this training highly valuable.
- **Market response:** The high satisfaction rate suggests that organizations are actively seeking solutions to upskill leadership on complex OT cyber risks.
## Future Outlook
- **Predictions and expectations:** Kaspersky will likely expand its virtual executive training offerings globally and potentially see this success lead to customized enterprise contracts focused on organizational transformation rather than just tool deployment.
- **What to watch for:** Increased emphasis on executive-level metrics (KPIs/KRIs) related to OT cyber readiness, driven by the kind of awareness this training imparts.
## For Security Professionals
This event underscores the responsibility security teams have to *translate* technical risks into business language their executives understand. Professionals should leverage such validated content (or create their own) to drive necessary security investments and policy changes mandated by C-level awareness.