Full Report
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
Analysis Summary
# Industry News: Kaspersky Reveals Divergent Global Threat Trends in ICS Environments for H2 2022
## Summary
Kaspersky ICS CERT’s H2 2022 report highlights a stabilizing global threat landscape for industrial control systems (ICS), with 40.6% of computers attacked—a slight increase from the previous year. However, the data reveals significant regional disparity, with high-income and developed regions seeing record lows in threat activity while developing regions and specific sectors like Energy and Engineering face intensifying pressure.
## Key Details
- **Date:** March 6, 2023 (Reporting on H2 2022 data)
- **Companies Involved:** Kaspersky (ICS CERT)
- **Category:** Market Analysis / Threat Intelligence Report
## The Story
The report analyzes telemetry from ICS computers protected by Kaspersky products to provide a comprehensive view of the industrial threat landscape. In the second half of 2022, the percentage of ICS computers on which malicious objects were blocked rose to 34.3%. While global figures show moderate fluctuations, the "story" is one of regional bifurcation.
Developed regions (North America, Western Europe) are seeing a continued decrease in the percentage of attacked ICS computers, likely due to mature cybersecurity investments and air-gapping strategies. Conversely, Africa and Southeast Asia saw 40%+ attack rates. The report identifies the internet as the primary source of threats (22.6%), followed by email (11.7%) and removable media (3.2%). Notably, the "Engineering and ICS Integration" sector saw the highest percentage of attacks (41.5%), indicating that threat actors are targeting the supply chain and service providers to gain access to industrial end-users.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Strengthens its position as a global authority on OT (Operational Technology) security. By providing granular data by industry (Energy, Oil & Gas, Automotive), Kaspersky positions itself as a strategic consultant rather than just a software vendor.
### For Competitors
- **Competitive landscape impact:** Rival firms (Claroty, Dragos, Nozomi) will need to pivot their marketing to address the high-risk "Engineering and Integration" vertical. The data suggests that securing the *vendor* is now as critical as securing the *plant floor*.
### For Customers
- **Impact on end users:** Industrial firms in Africa, Asia, and the Middle East are facing a higher "threat tax." Companies in these regions must allocate more budget to basic perimeter defenses (email and web filtering) as these remain the dominant entry points.
### For the Market
- **Broader market implications:** There is a growing gap between "high-security" and "low-security" industrial regions. This may lead to changes in cyber insurance premiums and international trade compliance requirements regarding digital supply chain integrity.
## Technical Implications
The report highlights a trend toward "living off the land" techniques and the use of malicious scripts and redirected internet threats. A critical technical takeaway is that although removable media (USB) account for a smaller share of attacks (3.2%) than internet threats, they remain the most common path for highly targeted breaches of air-gapped environments.
## Strategic Analysis
- **Market Positioning:** Kaspersky is emphasizing its "threat intelligence-led" approach to OT security.
- **Competitive Advantage:** Access to vast telemetry across disparate geographic regions (especially non-Western markets) provides a more holistic global view than regional competitors.
- **Challenges:** Ongoing geopolitical tensions continue to affect Kaspersky's market share in specific Western government sectors, despite the high quality of its ICS CERT data.
## Industry Reactions
- **Analyst opinions:** Analysts view the 40%+ attack rate in Engineering/Integration as a "red alert" for supply chain security.
- **Market response:** Increased focus on "Asset Visibility" and "Network Segmentation" as the data shows internet-facing ICS components remain the most vulnerable link.
## Future Outlook
- **Predictions:** Expect a continued rise in attacks targeting the Energy sector (currently at 39.1%), as global energy volatility makes the sector an attractive target for state-sponsored and hacktivist groups.
- **What to watch for:** A shift in focus from "malware volume" to "attack persistence" within the industrial supply chain.
## For Security Professionals
Cybersecurity practitioners should prioritize **Email Security** and **Web Filtering** even for ICS environments, as these remain the top two attack vectors. Furthermore, organizations should audit their **ICS Integrators and third-party maintenance providers**, as the data shows these entities are currently the most targeted sector in the industrial ecosystem.