Kaspersky found that red tape is the main barrier for cybersecurity initiatives in industrial sector
The recent Kaspersky report ‘State of Industrial
Cybersecurity in the Era of Digitalization’ has revealed the
main barriers that inhibit or delay implementation of
industrial cybersecurity projects. The most common
obstacles include the inability to stop production (34%),
and bureaucratic steps, such as a lengthy approval process
(31%) and having too many decision-makers (23%). These
barriers may become a critical point in light of COVID-19
because they can affect the implementation of pandemic-
driven operational technology (OT) security initiatives
The cybersecurity race doesn’t slow down, and every year
many incidents, including high-profile attacks, are hitting
industrial control systems (ICS). The pandemic lockdown
introduced its own challenges in addition to the existing
threat landscape. Industrial firms have to adapt to new
norms including remote work, overnight digitalization and
new hygiene requirements, as well as specific pandemic-
driven threats such as a massive growth inphishing .
attacks Organizations need to make sure their
protection is up to date with these changes and there are
no open doors for malicious actions in ICS networks.
The above barriers however are what organizations will
have to overcome when implementing cybersecurity
projects. Remarkably, most of them refer to bureaucratic
rather than technical obstacles – in total, almost half of
organizations (46%) face red tape delays. In addition to
the most prevalent – long approval times and numerous
decision-makers – these barriers include protracted
supplier selection and purchasing processes, as well as
interference from other departments.
Typical barriers in the implementation of OT/ICS security projects
These barriers may become even more critical in the
current post-lockdown period. The survey revealed that
almost half of organizations (46%) expect to see changes
in their OT security priorities as a result of the pandemic.
These organizations will probably need to shift their
security strategy on-the-fly and quickly implement new
cybersecurity practices. While it can be challenging
generally, due to the specific requirements of OT, the
barriers for implementation can complicate and slow down
the process even more. Some organizations will need to be
even more conscious as they try to overcome these
difficulties with decreased OT security budgets (24%).
“It’s always more difficult to invest money and resources in
projects without a clear return on investment, such as with
cybersecurity initiatives. And while cybersecurity for OT is
still a developing area, all these management barriers are
quite natural. As a vendor, it is up to us to help customers
eliminate these obstacles and simplify and speed up the
implementation of protection measures. Our task here is to
make ROI more transparent and showcase the risks for
businesses so customers can understand the benefits from
the very beginning and better justify them to C-suite or the
board if needed”, commented Georgy Shebuldaev, Head of
Growth Center at Kaspersky.
In order to help industrial organizations accelerate the
implementation of industrial cybersecurity projects,
Kaspersky suggests the following steps:
- If an organization doesn’t have enough experience and practice in complex ICS security projects, it’s better to implement solutions step by step: start with building organizational processes and adopting basic cybersecurity measures such as security gateways and endpoint protection. Then move to more complex projects such as network monitoring, intrusion prevention and SIEM. Industrial standards, such as ISO or IEC guidelines, can help to organize methods and increase the speed of project execution.
- Introduce a practice whereby all new OT systems are implemented with cybersecurity built-in. This should simplify further protection processes and give the OT security team the ability to test new protection tools on these parts of the infrastructure.
- Enable education and training for all teams including specific ICS security training for IT security and OT engineers and awareness to all employees. This will help different teams understand the risks and responsibilities of each other and increase the overall level of consciousness about cybersecurity.
- Choose a reliable cybersecurity solution for OT components and networks, as well as trusted partners
- for implementation. Kaspersky Industrial
- CyberSecurity solution includes dedicated protection
- for endpoints and network monitoring as well as ICS
- expert services and intelligence. The services enable
- cybersecurity assessment, incident response and
- obtaining the latest data about emerging threats and
- how to address them. The results of cybersecurity
- assessments may be helpful in justifying
- protectionprojects to the boardTo read the full report ‘State of Industrial Cybersecurity in the Era of Digitalization’ please visit the web page. More information about Kaspersky solutions for industria
- l organizations can be found.