December 24, 2023

Kaspersky report reveals concerning vulnerability in Sri Lanka’s industrial infrastructure

Sri Lanka has emerged as a regional leader in a troubling cybersecurity metric, according to the latest Q2 2025 Industrial Control Systems (ICS) cybersecurity report from Kaspersky ICS CERT. The island nation recorded the highest percentage in South Asia for threats spreading through network folders in industrial computer systems, with a rate of 1.07%, significantly higher than the regional average.

The comprehensive regional analysis reveals that while South Asia overall ranked ninth globally for industrial cybersecurity threats, with 19.3% of industrial computers experiencing blocked malicious objects, the region faces distinct challenges in protecting critical infrastructure systems that control power grids, manufacturing facilities, and essential services.

Sri Lanka's concerning leadership in network folder threats highlights a specific security gap in the nation's industrial infrastructure. Network folders, while typically considered a lower-level threat source, can become conduits for viruses, worms, mining malware, and spyware to spread across interconnected industrial systems.

"The high rate of network folder threats in Sri Lanka indicates potential weaknesses in network segmentation and access controls within industrial environments," the report suggests. These vulnerabilities could allow malicious software to propagate across critical systems, potentially disrupting essential services and manufacturing processes.

Across South Asia, the report identifies significant cybersecurity challenges that affect all countries in the region, including Sri Lanka:

Internet-Based Attacks: South Asia ranks third globally for internet threats targeting industrial systems, with 10.40% of computers affected. These attacks include denylisted internet resources, malicious scripts, phishing pages, web miners, and malicious documents.

Removable Media Risks: The region shows concerning vulnerability to threats from USB drives and other removable storage devices, with rates 1.7 times higher than the global average. This suggests inadequate controls over physical media in industrial environments.

Email Security Gaps: While email threats showed some improvement, the region still faces risks from malicious documents, spyware, and phishing attempts targeting industrial systems through corporate email networks.

The report reveals that biometric systems infrastructure faces the highest threat levels globally (27.2%), followed by building automation systems (23.4%) and electric power facilities (21.4%). In South Asia specifically, biometric systems also lead the regional threat rankings.

Critical industries showing elevated risk include electric power facilities, manufacturing plants, building automation systems, and engineering and integration companies.

To address these vulnerabilities, cybersecurity experts recommend immediate action:

Network Security: Organizations should implement robust network segmentation to prevent the spread of malware through shared folders and improve access controls across industrial networks.

Regular Assessments: Companies operating critical infrastructure should conduct comprehensive security evaluations to identify and eliminate potential cyber vulnerabilities before they can be exploited.

Rapid Response Capabilities: Installing advanced endpoint detection and response (EDR) solutions can help identify sophisticated threats quickly and enable effective incident remediation.

Staff Training: Dedicated operational technology (OT) security training for both IT security personnel and industrial operators is essential for preventing, detecting, and responding to emerging threats.

As Sri Lanka continues to digitize its industrial infrastructure and embrace Industry 4.0 technologies, addressing these cybersecurity challenges becomes increasingly critical. The interconnected nature of modern industrial systems means that vulnerabilities in one area can cascade across entire networks, potentially affecting essential services that citizens depend on daily.

The findings underscore the need for coordinated efforts between government agencies, private sector operators, and cybersecurity professionals to strengthen the nation's industrial cyber defenses and protect critical infrastructure from evolving threats. Organizations operating industrial control systems are urged to review their current security postures and implement recommended protective measures to safeguard against the growing sophistication of cyber threats targeting critical infrastructure. 
