Ramped-up digitalization of industrial organizations with IoT and ICS may create gaping risks that require ground-up security planning: study.
Amid the fallout of pandemic-induced recessions and downturns, industrial organizations are under pressure to implement digital transformation (DX) and Industry 4.0 standards.
For instance, McKinsey & Company’s recent research cited that 90% of manufacturing and supply chain professionals polled had planned to invest in talent for digitization. Where such programs had already been introduced, companies claimed to feel more confident during crises.
Consequently, cybersecurity company Kaspersky has noted that, while organizations were prioritizing DX via the use of 5G and IoT, solutions effective against the increased attack surfaces due to such technologies have yet to become widespread. Its own mini study of 337 global participants cites 20% of companies worrying more about attacks on industrial IoT than serious threats as data breaches (15%) or attacks on the supply chain (15%).
According to the company, addressing these industrial challenges may require security professionals’ involvement, not just IT teams: not all organizations in their study may have felt ready to face threats to IoT. Only 19% of respondents had implemented active network and traffic monitoring, and only 14% had introduced network anomaly detection.
Commented Grigory Sizov, Head of the KasperskyOS Business Unit: “While industrial enterprises will only increase the implementation of connected devices and smart systems, they should strive for the same efficiency level when it comes to protection. To achieve this, protection should be built-in when a project is initiated, and for some companies, it should be done today.”
In Sizov’s view, IIoT components must be secure at their core to eliminate the possibility of an attack on them. “Along with traffic protection and other technologies, this makes the entire system secure by design and this means it becomes immune to cyber-risks,” he said, alluding to his own company’s industrial security solutions.