Russian multinational cybersecurity and anti-virus provider Kaspersky Lab, in its latest report has revealed that 46 per cent of the industrial control system (ICS) computers it monitors in Rwanda were attacked with malware in 2022.
Though the cybersecurity company does not disclose information related to the total number of ICS devices it protects in individual countries, its ICS experts told The New Times that there are over 50,000 ICS computers protected by Kaspersky solutions in the African region in the spheres of manufacturing, energy, oil, and gas, as well as building automation, and so on.
ALSO READ: Why cybersecurity is critical today more than ever
ICS computers, according to Kaspersky, include Windows computers that perform one or several of the following functions of supervisory control and data acquisition (SCADA) servers, data storage servers (Historian), data gateways (OPC), stationary workstations of engineers and operators, mobile workstations of engineers and operators, and Human Machine Interface (HMI).
The data contained in the report was received from ICS computers protected by Kaspersky products.
Attacked computers are those on which Kaspersky security solutions were triggered at least once during the selected period. When determining percentages of machines on which malware infections were prevented, the ratio of unique computers attacked to all ICS computers from which Kaspersky received anonymised information during the specified period is used.
ALSO READ: Why SMEs should take cyber security seriously
"Kaspersky collects data both from ICS machines that are constantly online and from those that are online only periodically,” read a statement from Kaspersky.
The statistics also include data received from computers of operational technology network administrators and developers of software for industrial automation systems.
Globally, the report said that throughout 2022, 40 per cent of ICS computers were attacked with malware. In Africa, the figure sits at 47 per cent.
For countries monitored on the African continent, the three countries which experienced the most attacks on ICS infrastructure were Ethiopia (62 per cent), Algeria (59 per cent), and Burundi (57 per cent).
These were followed by Rwanda (46 per cent), Kenya (41 per cent), Nigeria and Zimbabwe (both standing at 40 per cent), Ghana (39 per cent), Zambia (38 per cent), and South Africa and Uganda (both stand at 36 per cent).
"This is a high growth threat landscape in Africa that no public or private sector entity, especially in critical sectors like energy and mining, can ignore,” Kaspersky’s statement read.
Kaspersky tech expert and consultant in the Middle East and African region, Brandon Muller, said, "One infected USB drive or a single spear-phishing email is all it takes for cyber criminals to bridge the air gap and penetrate an isolated ICS network.”
He added: "Traditional security is not adequate to protect industrial environments from rapidly evolving cyber threats. As attacks against critical infrastructure increase, choosing the right approach to secure systems has never been more important.”
When contacted, officials at the National Cyber Security Authority (NCSA), indicated that malware attacks to industrial control systems have been on the increase globally.
"NCSA called for continued users of such systems to remain vigilant but assured that the systems in Rwanda remain secure from such attempted attacks,” reads a statement from the Authority’s communication office.