Full Report
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
Analysis Summary
# Industry News: Kaspersky Industrial Control Systems (ICS) Threat Landscape Report H2 2019
## Summary
Kaspersky’s ICS CERT release reveals a slight decline in the percentage of industrial computers attacked globally, yet highlights a pivot toward more sophisticated, targeted threats. The data underscores a growing regional disparity in industrial security posture, with emerging markets facing significantly higher risk profiles than developed economies.
## Key Details
- **Date:** April 24, 2020 (Reporting on H2 2019 data)
- **Companies Involved:** Kaspersky ICS CERT
- **Category:** Market Analysis / Threat Intelligence Report
## The Story
The report provides a deep dive into the statistical data derived from industrial infrastructure protected by Kaspersky products. In the second half of 2019, Kaspersky observed that 39.2% of ICS computers were targeted by malicious objects, a decrease from previous periods. Despite this overall drop, the report highlights that the diversity of malware and the sophistication of delivery mechanisms—primarily the internet (25.1%), removable media (8.3%), and email (4.9%)—continue to pose systemic risks to industrial automation.
Geographically, the report notes a sharp divide: countries in Southeast Asia, Africa, and Central Asia saw infection rates as high as 60%, while Northern Europe and North America hovered around 10-15%. This suggests that while global averages are dipping, the "security debt" in rapidly industrializing nations is creating fertile ground for cyber-physical disruption.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Solidifies its position as a dominant thought leader in the Operational Technology (OT) security space, leveraging its massive install base to provide granular telemetry that competitors often lack.
### For Competitors
- **Competitive Landscape Impact:** Pure-play OT security firms (like Dragos or Nozomi) are pressured to match this level of global telemetry. Kaspersky’s data reinforces that "commodity" malware remains a major OT entry point, potentially detracting from the "state-sponsored" niche marketing used by some competitors.
### For Customers
- **Impact on End Users:** Asset owners in high-risk regions are faced with rising insurance premiums and the urgent need for capital expenditure on security upgrades. The report highlights that even "unintentional" infections can lead to operational downtime.
### For the Market
- **Broader Market Implications:** The data suggests a maturing market where basic "hygiene" is improving in some sectors, but the convergence of IT and OT continues to expand the attack surface faster than many organizations can defend it.
## Technical Implications
The report identifies that the internet remains the primary source of infection for ICS. This challenges the "air-gap" myth, proving that most industrial sites have persistent, perhaps unmonitored, connections to the external web. Detection must now focus on "living off the land" techniques and on legitimate software being weaponized within industrial environments.
## Strategic Analysis
- **Market Positioning:** Kaspersky is positioning its ICS CERT as an essential public utility for global industrial policy, moving beyond a simple software vendor to a strategic intelligence partner.
- **Competitive Advantage:** Massive global footprint allows for "macro-analysis" of threat trends that smaller firms cannot replicate.
- **Challenges:** Ongoing geopolitical tensions regarding Russian-linked software continue to hamper Kaspersky’s market share in US and UK government-linked industrial sectors, regardless of the quality of its data.
## Industry Reactions
- **Analyst Opinions:** Analysts generally view the H2 2019 data as a "calm before the storm," noting that while percentages decreased, the impact of a single successful breach is growing as ICS systems become more integrated.
- **Market Response:** Increased interest in "secure-by-design" hardware for the industrial sector, as software-based protection remains a reactive measure.
## Future Outlook
- **Predictions:** Expect a continued shift from widespread opportunistic attacks to highly localized, sector-specific campaigns (e.g., targeting energy grids or water treatment).
- **What to Watch for:** The impact of the burgeoning 5G rollout on industrial IoT (IIoT) connectivity, which will likely cause a spike in the "Internet" infection vector in 2020-2021 reports.
## For Security Professionals
Practitioners should note that the decline in global percentages does not equate to a decrease in risk. The report emphasizes that **removable media** remains a top-three threat vector for ICS, which means physical port security and "sheep dip" stations for USB drives remain as critical as firewalls. Security teams should focus on preventing "lateral movement" within the OT layer, as most threats enter via standard IT pathways.