JAKARTA - The average number of cyber incidents per year in industrial companies has increased significantly over the past few years.
The data was obtained from a survey conducted by Kaspersky, and communicated with employees of industrial companies from 17 countries around the world. The respondents were asked questions about cyber incidents and attitudes to deal with them.
The research showed that they were able to identify seven factors that significantly minimize the harm from cybersecurity incidents in the industry. Check out the explanation below.
Availability of specialized operational technology specialization departments
Almost every industrial company has some kind of operational technology security (OT) team. However, often instead of creating and funding an OT security department, the work is assigned to an IT security department or even a general IT department.
These departments do not always understand the operational technology specifications sufficient to provide the required level of protection. In order to minimize the risks and consequences of incidents in industrial networks, companies need an OT security team that has the best resources and quality.
A clearly structured decision-making process
Often problems in an industrial company arise because of organizational mistakes, when security management consists of departments that are not related to each other.
As a result, companies purchase security solutions that duplicate each other's functionality, there is insufficient visibility of industrial processes, data collected from endpoints and sensors is used inefficiently, and implementation of new projects is delayed due to complex approvals.
Have a legacy infrastructure management strategy
Industrial cybersecurity (Industrial control system/ICS) often uses tools that were built before people had a rough idea of the level of digitalization of modern industry to come.
Therefore, great care is needed in building control systems for outdated or outdated industrial network circuits, programmable logic controllers, surveillance and data acquisition control (SCADA) systems, and other OT elements.
They are all required to be inventoried and security specialists must regularly scan the equipment for critical vulnerabilities or accidental damage.
Introducing security solutions designed specifically for industrial ecosystems
It is not possible to deliver the security of an ICS environment using a standard cybersecurity solution. They can effectively tackle random general cyber attacks, but will not detect threats specific to industrial processes.
In addition, sometimes they can negatively affect the continuity of the technological process. To avoid this, you need a solution specifically designed for industrial environments.
Have an OT/IT convergence strategy with IIoT in mind
The increasing digitization of industrial processes implies an increasing level of integration between OT and IT environments. A key element of this integration is the use of Industrial Internet of Things (IIoT) devices, public cloud services, and IIoT gateways.
All of these elements often become vulnerabilities through which attackers can reach industrial systems. It is unrealistic to stop this digital evolution process, therefore it is necessary to develop a plan to securely integrate operational and information technology in advance.
Quick incident response
One way or another, the incident was impossible to completely avoid. But when it does occur, it is imperative that the root cause of the problem can be identified and addressed as quickly as possible. The sooner it is done, the less costs the company incurs both financially and reputationally.
Therefore, it is very important for industrial companies to have mature rapid response regulations and teams capable of doing so.
“In the past, asset owners assumed that the protection and automation systems responsible for the core business processes of industrial organizations would not be compromised over the life of the equipment, which lasts for decades with possible exceptions such as occasional setting changes,” said Kirill Naboyshchikov, Business Development Manager, Kaspersky Industrial Cybersecurity.
Naboyshchikov added that it is common practice for the commission system as a whole and to carry out complete retesting and recommissioning if any changes need to be made.
However, with the introduction of the next generation of digital automation systems, there are many instances where this may no longer be the case.
"Therefore, both general-purpose and special-purpose computer-based automation systems should be equipped with the following security subsystems and tools and processes: vendor-approved, holistic, and centrally managed protection systems; permanent vulnerability monitoring and compliance scanning; network intrusion and detection anomalies; to updates, patch management, and version control.” he added.
Seriously consider staff training
Finally, you should not forget the importance of safety-centered behavior of company employees. If you want to minimize the impact of a security-related incident, you may need to train your staff on security fundamentals and strictly monitor compliance with internal regulations.
One way or another, the human factor is behind most incidents: someone unknowingly uses a compromised personal password, connects a phone to a computer behind an air gap, clicks on a link to a malicious website, and so on.
Everyone should clearly understand what can and cannot be done in an industrial company, especially if it is an important and critical infrastructure facility.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
