
Report: Industrial sector must make security top priority in digital transformation

06 May 2018

The industrial sector cannot afford to wait until it refreshes its entire asset fleet before it secures operations – in fact, it must start today.

Research conducted by Honeywell and LNS Research says that despite many organisations’ plans to explore digital transformation projects, the adoption of cybersecurity capabilities and technology is still low.

The research polled 1004 respondents, of which 130 completed a more detailed IIoT survey. From the detailed survey, the research firm discovered that 40% of companies have started an IIoT initiative.

The report says that digital transformation is a long-term business initiative, not a short-term solution. The top issue that respondents face is the implementation of industrial cybersecurity.

“Industrial cybersecurity is now central to business strategy, not an afterthought. Security at every level should be a prerequisite for the deployment of new technologies,” the report says.

Although 53% of respondents say their organisation has experienced a cybersecurity breach, the report says attacks can come from different directions. Some can be IT-focused, some focused on OT, some malicious, and others accidental.

Out of the 130 detailed responses, 9% said they have experienced a denial of service attack; 8% were hit by a malware attack from another part of the enterprise; 5% had been hacked for malicious purposes; 4% had been hacked for non-malicious purposes; 2% had been targeted by government-sponsored attacks and only 1% had experienced a direct attack on control systems.

“Even though direct attacks on control systems are rare, a company is fooling itself if it believes its control system is inherently secure,” the report says.

Although firewalls and access control were the main ways organisations secure their plants, malicious attacks don’t necessarily need the internet as part of an infection chain. 19% say they have experienced a breach through removable media.

“Organizations should also note that within a plant network, many IT assets also have known vulnerabilities. According to LNS Research survey data, Microsoft is the market share leader providing software for the plant floor. With so many plants relying on Microsoft technology, when there are major IT security events, they undoubtedly impact the industrial sector,” the report says.

The research further reveals that 45% of the 130 respondents have a chief of cybersecurity in their organisation, and 51% don’t have a head of cybersecurity for manufacturing.

Industrial firms are lacking in the areas of documentation and policy management, particularly when they are managed by OT. Only 38% of the 130 respondents say they have a definitive list of connections to their plant and what data can flow through them.

Furthermore, 20% said they don’t conduct regular risk assessments; 25% never conduct penetration testing on their firewalls; and 38% don’t continually monitor plant systems and networks for unusual behaviour.

The report says that CEOs must understand that any industrial cybersecurity event could affect the success of any digital transformation initiatives.

“For this reason it is important to realize that success in digital transformation depends on success with industrial cybersecurity,” the report says.

The research polled 1004 respondents from industrial companies in Asia Pacific, North America, South America, Europe, the Middle East and Asia. 130 respondents completed the detailed survey.

Respondents worked in sectors including industrial equipment; oil and gas; automotive; life sciences; aerospace and defense; food and beverage; chemicals; electronics; utilities; consumer packages, and others.
