The average number of cyberincidents per year in industrial enterprises has increased significantly over the past few years. Our colleagues conducted a survey, speaking with employees of industrial enterprises from 17 countries around the world. They asked questions about cyberincidents and attitudes toward cyber risks. As a result, they were able to identify seven factors that significantly mitigate the outcomes of incidents.
Availability of a specialized OT security department
Almost every industrial enterprise has an operational technology (OT) security team of some kind. However, instead of creating and funding an OT security department, enterprises often assign the job to IT security or even general IT departments. These departments do not always understand the specifics of operational technology well enough to provide the necessary level of protection. To minimize both the risks and the consequences of incidents in industrial networks, an enterprise needs a well-resourced and appropriately qualified OT security team.
Clearly structured decision-making process
Problems in an industrial enterprise often arise from organizational mistakes, when the management of security is divided between departments that are not related to each other. As a result, companies purchase security solutions that duplicate each other’s functions, visibility of the industrial process becomes less than adequate, data collected from the endpoints and sensors is used inefficiently, and the implementation of new projects is delayed due to intricate approvals. This is all without mentioning the fact that the OT and cybersecurity departments are starting to compete for budgets.
Having a legacy infrastructure management strategy
Industrial control systems (ICS) often use equipment that was created before people had even a rough idea of what level of digitalization modern industry would come to. Therefore, it is necessary to be extremely careful in building a control system for an array of outdated industrial networks, programmable logic controllers, supervisory control and data acquisition (SCADA) systems, and other OT elements. They should all be inventoried, and security specialists should regularly scan such equipment for critical vulnerabilities or failures resulting from wear and tear.
Introducing security solutions designed specifically for industrial environments
It is impossible to ensure the security of ICS environments using standard cybersecurity solutions. They will effectively cope with random general cyberattacks, but they will not detect threats specific to industrial processes. Moreover, sometimes they can negatively affect the continuity of technological processes. To avoid this, you need solutions that were specifically designed for industrial environments.
Having an OT/IT convergence strategy with IIoT in mind
The increasing digitalization of industrial processes implies an increase in the level of integration between OT and IT environments. Key elements of this integration are the use of Industrial Internet of Things (IIoT) devices, public cloud services and IIoT gateways. All these elements often become a vulnerability through which attackers can reach industrial systems. It is not realistic to stop this process of digital evolution, so it is necessary to develop a plan in advance to securely integrate operational and information technologies.
Rapid incident response
One way or another, incidents are unlikely to be completely avoided. But when they do happen, it’s vital that the problem is identified and dealt with as quickly as possible. The faster this is done, the less it will cost the company both financially and reputationally. Therefore, it is especially important for industrial enterprises to have mature rapid response rules and a team that is able to carry them out.
Taking staff training seriously
Lastly, you should not forget about the importance of security-centric behaviors of the company’s employees. If you want to minimize the impact of security-related incidents, you probably need to train your staff in security basics and strictly monitor compliance with internal regulations. One way or another, the human factor is behind the vast majority of incidents: someone used a compromised personal password, someone connected a phone to a computer behind an air gap, someone clicked on a link to a malicious website and so on. People must clearly understand what can and cannot be done at an industrial enterprise, especially if it is a critical infrastructure facility.
You can find the complete results of our survey, 7 Keys To Improving OT Security Outcomes: Kaspersky ICS Security Survey 2022, after completing a brief form.