Full Report
Malicious objects were blocked on 46.6% and ransomware on 1.0% of ICS computers. Kaspersky ICS CERT identified 103 vulnerabilities in industrial systems, IIoT/IoT systems, and other types of solutions.
Analysis Summary
# Industry News: Kaspersky Releases 2019 ICS Threat Landscape Analysis
## Summary
Kaspersky’s ICS CERT has released its 2019 year-end report, which shows that malicious objects were blocked on nearly half (46.6%) of all Industrial Control Systems (ICS) computers. The report highlights a critical shift in the vulnerability landscape, with 103 new vulnerabilities identified across industrial and IIoT/IoT environments.
## Key Details
- **Date:** April 24, 2020 (Reporting on FY 2019)
- **Companies Involved:** Kaspersky ICS CERT
- **Category:** Market Analysis / Threat Intelligence Report
## The Story
The Kaspersky 2019 report serves as a benchmark for the state of Operational Technology (OT) security. Throughout the year, malicious objects were blocked on 46.6% of ICS computers, maintaining a high baseline of risk for industrial environments. While ransomware was blocked on 1.0% of these systems, the broader "white noise" of malware remains a significant hurdle for automation.
Notably, Kaspersky's research focused heavily on the growing convergence of IT and OT, uncovering 103 vulnerabilities. These vulnerabilities were not confined to heavy industrial machinery but extended into the IIoT (Industrial Internet of Things) and IoT sectors, reflecting the expanding attack surface as factories and utilities become more "connected."
## Business Impact
### For the Companies Involved
- **Kaspersky:** Reinforces its position as a thought leader and primary intelligence provider in the niche but high-value ICS/OT security market. This report acts as a lead generation tool for their specialized industrial security suite.
### For Competitors
- **Competitive Pressure:** Companies like Dragos, Nozomi Networks, and Forescout must reckon with Kaspersky’s deep visibility into international (specifically EMEA and APAC) industrial data, potentially forcing a more aggressive focus on global threat telemetry.
### For Customers
- **Increased Compliance Costs:** As the prevalence of blocked malware remains high, industrial operators may face increased regulatory pressure and insurance premiums, necessitating higher investments in OT-specific monitoring tools.
### For the Market
- **The "Convergence" Market:** The data confirms that the IIoT/IoT market is maturing faster than its security capabilities, creating a lucrative—yet risky—gap for cybersecurity vendors to fill with specialized solutions.
## Technical Implications
The identification of 103 vulnerabilities suggests a critical weakness in the firmware and software supply chains of industrial vendors. The report highlights that "malicious objects" are often not sophisticated state-sponsored attacks but rather common malware that moves laterally from IT environments to the factory floor via unpatched IIoT devices.
## Strategic Analysis
- **Market Positioning:** Kaspersky is positioning itself as the bridge between traditional endpoint protection and specialized industrial safety.
- **Competitive Advantage:** Direct access to "on-the-ground" data from nearly half of its installed ICS base provides Kaspersky with an unparalleled telemetry advantage.
- **Challenges:** Geopolitical tensions and trust concerns in certain Western markets (US/UK) may limit the adoption of their solutions, despite the high quality of their threat intelligence.
## Industry Reactions
- **Analyst Opinions:** Analysts generally view these figures as a "wake-up call" for the manufacturing sector, noting that the 46.6% figure indicates that many industrial networks are not as "air-gapped" as their operators believe.
- **Market Response:** There is a growing trend toward "Secure-by-Design" in industrial procurement, driven by reports like this that quantify the risks of unmanaged IIoT devices.
## Future Outlook
- **Predictions:** Expect the targeting of IoT/IIoT devices to increase as these systems facilitate more critical business operations (e.g., predictive maintenance and remote monitoring).
- **What to watch for:** A potential surge in supply chain attacks targeting the vendors who manage these industrial platforms.
## For Security Professionals
Practitioners should use this data to justify budget for **OT-specific visibility tools**. The high percentage of blocked objects indicates that standard IT antivirus may not be enough; professionals should prioritize network segmentation (micro-segmentation) and implement rigorous patching schedules for IIoT gateways, which this data points to as the new weak link in the industrial chain.