Every security officer views remote connections to corporate systems as a potential threat. For infosec experts at industrial enterprises, and especially at critical infrastructure facilities, the threat feels very real.
You can’t blame them for being cautious. Industrial enterprises, for which downtime can mean damage in the millions of dollars, are tempting targets for cybercriminals of all stripes. Ransomware operators are constantly on the lookout for open RDP connections they can use to infect industrial systems. Employees with publicly known e-mail addresses often receive phishing emails with links to Trojans that provide remote access to attackers. Cybercriminals also keep an eye on HVAC operators, which sometimes connect remotely to the heating, ventilation, and air conditioning systems that operate in industrial environments.
And that was before 2020. With its pandemic, varying measures of self-isolation, and global switch to remote working, this year could hardly fail to recalibrate the work of infosec departments. With that in mind, our colleagues decided to learn more about how new conditions are affecting information security, including priorities and approaches, at industrial enterprises. That entailed interviewing cybersecurity decision-makers and policy-influencers at industrial companies worldwide.
Here is what they found: More than half (53%) of respondents admitted that the pandemic has caused a shift to more staff members working from home, which has become a kind of stress test for infosec services. Because of the huge number of external connections, the vast majority of companies are now carrying out periodic assessments of the security level of OT networks (all but 5% of those surveyed had such plans). Many have had to rethink their general approach to perimeter protection; it has become clear that segmentation and workstation protection are no longer enough. Only 7% of respondents stated that their cybersecurity strategy had been reasonably effective during the pandemic.
To find out more about the results of the study, download the full report, “The state of industrial cybersecurity in the era of digitalization.” In addition to explaining how the pandemic has affected the work of industrial security officers, it provides insight into who influences security decisions and how, who the drivers of innovation are, and, above all, the problems cybersecurity departments faced in 2020.