Reduce Business Disruption - Make Cyber Security A Priority

Ninety-three percent of Industrial Control Systems (ICS) security professionals are very concerned about cyber-attacks causing operational shutdown or customer-critical downtime. In an effort to prepare against such threats, 77% have made ICS cyber security investments over the past two years, but 50% still feel that current investments are not enough.
 
This is from a recent survey for Tripwire conducted by Dimensional Research and its respondents included 263 ICS security professionals at energy, manufacturing, chemical, dam, nuclear, water, food, automotive and transportation organisations shows these sever results.
 
“Cyber-attacks against critical infrastructure and manufacturers pose a real threat to the safety, productivity and quality of operations..... In these environments, where virtual and physical converge, cyber events can interfere with an operator’s ability to view, monitor or control their processes. Investing in cyber-security should be a priority in protecting operations from disruption.” said  Kristen Poulos, vice president and general manager of industrial cybersecurity at Tripwire speaking to HelpNetSecurity
 
Of the 50% who felt current investments were not enough, 68% believe it would take a significant attack in order for their organisations to invest more. Only 12% of all respondents expressed a high level of confidence in their ability to avoid business impact from a cyber event. 
 
In assessing industrial organisations’ current set of basic cyber-security capabilities, the survey found the following:
 
• Only 52% have more than 70% of their assets tracked in an asset inventory.
• Almost one-third (31%) of organisations do not have a baseline of normal behavior for their operational technology (OT) devices and networks.
• Less than half (39%) do not have a centralised log management solution in place for their OT devices.
Poulos added: “Visibility, although the first step, is commonly the biggest hurdle when it comes to protecting ICS environments from cyber-attacks.
 
Organisations can gain visibility of their OT networks without disrupting their processes by following methods that meet the unique needs and requirements of OT devices. “This includes passive monitoring of network traffic to identify assets, and baselining normal activity to spot anomalies, and analysing log data for indications of cyber events.....With that visibility, organisations can effectively implement additional protective controls, such as industrial firewalls to segment critical assets and establish secure conduits.” said Poulos
 
Additional findings include:
 
• About half (49%) said that collaboration between IT and OT has improved over the past two years.
• More indicated that IT is taking the lead on ICS security (44%) vs. OT (14%); 35% said it is evenly split between IT and OT.
• More than three-fourths (79%) say there is a gap in training OT and IT staff on the unique needs and requirements for securing OT environments. 
 
Of those who made cyber-security investments over two years (77%), education and training was the most common investment (82%) and GoCyber is one we at Cyber Security Intelligence (CSI) recommend. 
 
For information and adcice on Cyber Traing please contact Cyber Security Intelligence.
 
Tripwire:           Help Net Security:
 
You Might Also Read:
 
Five Trends In Attacks On Industrial Control Systems:
 
 
« Just A Normal Day At The Office For Huawei
Small & Medium Businesses Are Under Increasing Risk Of Attack »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Virtustream

Virtustream

The Virtustream Enterprise Class Cloud provides a secure, highly available, Infrastructure as a Service (IaaS) to enterprises and government customers.

Cigniti Technologies

Cigniti Technologies

Cigniti Technologies provides Independent Software Testing (IST) Services including software security testing.

Wavestone

Wavestone

Wavestone is a strategy and technology consulting company with areas of expertise including digital transformation and cybersecurity.

Cybercrypt

Cybercrypt

Cybercrypt is a world leading system provider in robust cryptography. Protecting critical assets, applications and sensitive data.

Wind River

Wind River

Wind River delivers the technology and expertise that enables the deployment of safe, secure, and reliable intelligent connected systems.

Baffin Bay Networks

Baffin Bay Networks

Baffin Bay Networks operates globally distributed Threat Protection Centers™, offering DDoS protection, Web Application Protection and Threat Inspection.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

Dell Technologies Capital

Dell Technologies Capital

At Dell Technologies Capital we lead investment in disruptive, early-stage startups in enterprise and cloud infrastructure.

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky addresses all the cybersecurity needs of industrial organizations in its Kaspersky Industrial CyberSecurity (KICS) portfolio.

Lifetech

Lifetech

Lifetech is a software development, product engineering and system integration company. Cybersecurity services include SIEM deployment and training.

eMazzanti Technologies

eMazzanti Technologies

eMazzanti Technologies provides IT consulting services for businesses ranging from home offices to multinational corporations throughout the USA and internationally.

Guardian Digital

Guardian Digital

Guardian Digital makes email safe for business. Threat-ready business email protection. Fully supported.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Def-Logix

Def-Logix

Def-Logix was founded in 2008 to help solve cyber threats being experienced by government agencies of the United States.

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.