Despite constant data breaches, compromises, and the expensive damage control which follows, the majority of industrial enterprises are failing to protect their businesses according to a new survey.
On Wednesday, US conglomerate Honeywell released new research into the state of security in the industrial sector.
Titled, “Putting Industrial Cyber Security at the Top of the CEO Agenda,” an in-depth poll of 130 industrial companies revealed that almost two-thirds of those surveyed — a total of 63 percent — admitted they do not monitor for suspicious behavior, and 45 percent do not even have a cybersecurity expert or manager in place.
Despite over half of these companies, 53 percent in total, reporting that they have already been the victim of at least one cybersecurity breach, 20 percent still do not conduct regular risk assessments.
In addition, 25 percent of those surveyed said they never conducted penetration testing, while 13 percent said this practice — which can discover holes in network security before attackers do — occurs less than once every 12 months.
The industrial Internet of Things (IIoT), through the use of sensors, Internet of Things (IoT) devices, embedded connectivity in control components and data analytics, can vastly improve industrial processes.
However, the more connectivity you introduce into a network, the more opportunities there may be for cyberattackers to infiltrate such systems. Together with long upgrade cycles commonly found in industry, businesses may be setting themselves up for a cybersecurity incident.
In June this year, Honda was forced to stop production at a manufacturing plant after WannaCry struck internal systems and barely a week later, employees were locked out of Chernobyl’s radiation monitoring systems due to a successful Petya ransomware campaign.
It is up to other industrial businesses to learn from these examples and tighten up their own controls to prevent becoming a fresh victim of cybercriminals in the future.
“Decision makers are more aware of threats and some progress has been made to address them, but this report reinforces that cybersecurity fundamentals haven’t been adopted by a significant portion of the industrial community,” said Jeff Zindel, vice president and general manager of Honeywell Industrial Cyber Security for Critical Infrastructure & IIoT. “In order to take advantage of the tremendous benefits of industrial digital transformation and IIoT, companies must improve their cybersecurity defenses and adapt to the heightened threat landscape now.”
See also: Harnessing IoT in the enterprise
According to Honeywell, industrial companies need to take security far more seriously if they are going to lower the risk of successful cyberattacks.
As part of this process, firms should drive best practice adoption across their staff and systems; make industrial cybersecurity part of the discussion in business transformation, instill security at every point in the product cycle and focus on building a structure which brings security solutions and industrial operations together.