Full Report
The global percentage of ICS computers on which malicious objects were blocked decreased from Q1 2024 to 23.5%. But the figure increased in four regions. Regionally, the percentage ranged from 11.3% in Northern Europe to 30% in Africa.
Analysis Summary
# Industry News: Global ICS Threat Landscape Shows Regional Divergence in Q2 2024
## Summary
The global percentage of Industrial Control Systems (ICS) computers on which malicious objects were blocked declined to 23.5% in Q2 2024, down from the previous quarter. However, this downward trend is non-uniform, with four major global regions, most notably Africa and Southeast Asia, experiencing a rise in attack activity.
## Key Details
- **Date:** November 21, 2024 (Data reflecting Q2 2024)
- **Companies Involved:** Kaspersky ICS CERT (Primary reporter)
- **Category:** Market Analysis / Threat Intelligence
## The Story
Kaspersky’s latest ICS CERT report highlights a complex shift in the industrial cybersecurity landscape. While global aggregate numbers show a decrease in the percentage of ICS computers where malicious objects were blocked (dropping to 23.5%), the regional data reveals a growing digital divide. Africa (30%), Southeast Asia (27.2%), and Latin America (25.1%) remain high-risk zones, with Africa and Southern Europe being among the regions that saw an increase in activity compared to Q1 2024.
The report suggests that while overall security posture may be improving in mature markets like Northern Europe (11.3%), industrial automation systems in developing regions are facing intensified pressure from automated malware, social engineering, and persistent high-volume threats.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Reaffirms its position as a dominant leader in industrial telemetry and specialized threat intelligence. This data-driven reporting maintains its influence in the "Industrial Cyber" niche despite geopolitical headwinds.
### For Competitors
- **Operational Technology (OT) Security Vendors:** High regional variance creates a "localized sales" requirement. Competitors like Dragos, Nozomi Networks, and Claroty must pivot marketing and engineering resources to high-growth, high-threat regions like Africa and Southeast Asia.
### For Customers
- **Asset Owners:** Organizations with global footprints must move away from "one-size-fits-all" security policies. A facility in Northern Europe requires a different risk profile and investment strategy than a facility in Africa or Latin America.
### For the Market
- **Insurance and Risk Management:** This data provides a basis for more granular cyber insurance premiums based on geographic risk, potentially increasing costs for industrial firms operating in high-threat regions.
## Technical Implications
The data suggests a persistent reliance on internet-connected industrial computers, which remain the primary entry point for blocked malware. Even as organizations modernize, the "air-gap" myth continues to erode, with technical vulnerabilities often manifesting in the integration layers between IT and OT.
## Strategic Analysis
- **Market Positioning:** Threat intelligence is becoming a prerequisite for OT infrastructure sales. Security is no longer an "add-on" but a core component of industrial digital transformation (Industry 4.0).
- **Competitive Advantage:** Firms that can provide localized, region-specific threat hunting and incident response will outperform those offering generic global solutions.
- **Challenges:** Supply chain complexity in emerging markets makes it difficult to maintain uniform security standards across distributed industrial assets.
## Industry Reactions
- **Analyst Opinions:** Analysts note that the slight global decrease is not a sign of attackers "giving up," but rather a shift in tactics toward more targeted, lower-volume, higher-impact attacks that may not always trigger generic "blocked object" telemetry.
- **Market Response:** There is an increasing demand for Managed Detection and Response (MDR) services specifically tailored for industrial environments to alleviate the shortage of local OT security talent.
## Future Outlook
- **Predictions:** Expect a continued rise in ransomware targeting manufacturing in Southeast Asia as those economies further digitize their production lines.
- **What to watch for:** A potential surge in attacks targeting renewable energy infrastructure in Africa as investment in that sector grows, outpacing the deployment of robust cybersecurity frameworks.
## For Security Professionals
Practitioners should prioritize **geographic-specific threat modeling**. If your organization operates in the four regions where threat activity increased, security budgets and monitoring frequency should be adjusted accordingly. The decline in global numbers should not be interpreted as a decrease in risk, but rather as a signal of shifting adversary focus toward less-defended regional infrastructures.