Reduce Business Disruption - Make Cyber Security A Priority

Uploaded on 2019-10-23 in FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing

Ninety-three percent of Industrial Control Systems (ICS) security professionals are very concerned about cyber-attacks causing operational shutdown or customer-critical downtime. In an effort to prepare against such threats, 77% have made ICS cyber security investments over the past two years, but 50% still feel that current investments are not enough.
 
This is from a recent survey for Tripwire conducted by Dimensional Research and its respondents included 263 ICS security professionals at energy, manufacturing, chemical, dam, nuclear, water, food, automotive and transportation organisations shows these sever results.
 
“Cyber-attacks against critical infrastructure and manufacturers pose a real threat to the safety, productivity and quality of operations..... In these environments, where virtual and physical converge, cyber events can interfere with an operator’s ability to view, monitor or control their processes. Investing in cyber-security should be a priority in protecting operations from disruption.” said  Kristen Poulos, vice president and general manager of industrial cybersecurity at Tripwire speaking to HelpNetSecurity
 
Of the 50% who felt current investments were not enough, 68% believe it would take a significant attack in order for their organisations to invest more. Only 12% of all respondents expressed a high level of confidence in their ability to avoid business impact from a cyber event. 
 
In assessing industrial organisations’ current set of basic cyber-security capabilities, the survey found the following:
 
• Only 52% have more than 70% of their assets tracked in an asset inventory.
• Almost one-third (31%) of organisations do not have a baseline of normal behavior for their operational technology (OT) devices and networks.
• Less than half (39%) do not have a centralised log management solution in place for their OT devices.
Poulos added: “Visibility, although the first step, is commonly the biggest hurdle when it comes to protecting ICS environments from cyber-attacks.
 
Organisations can gain visibility of their OT networks without disrupting their processes by following methods that meet the unique needs and requirements of OT devices. “This includes passive monitoring of network traffic to identify assets, and baselining normal activity to spot anomalies, and analysing log data for indications of cyber events.....With that visibility, organisations can effectively implement additional protective controls, such as industrial firewalls to segment critical assets and establish secure conduits.” said Poulos
 
Additional findings include:
 
• About half (49%) said that collaboration between IT and OT has improved over the past two years.
• More indicated that IT is taking the lead on ICS security (44%) vs. OT (14%); 35% said it is evenly split between IT and OT.
• More than three-fourths (79%) say there is a gap in training OT and IT staff on the unique needs and requirements for securing OT environments. 
 
Of those who made cyber-security investments over two years (77%), education and training was the most common investment (82%) and GoCyber is one we at Cyber Security Intelligence (CSI) recommend. 
 
For information and adcice on Cyber Traing please contact Cyber Security Intelligence.
 
Tripwire:           Help Net Security:
 
You Might Also Read:
 
Five Trends In Attacks On Industrial Control Systems:
 
 
« Just A Normal Day At The Office For Huawei
Small & Medium Businesses Are Under Increasing Risk Of Attack »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Seclab

Seclab

Seclab is an innovative player in the protection of industrial systems and critical infrastructure against sophisticated cyber attacks.

Sopra Steria

Sopra Steria

Sopra Steria is a leading European information technology consultancy.

X-act Forensics

X-act Forensics

X-act forensics are computer forensic experts with experience in cases of computer fraud, intellectual property theft, and social networking cases.

Mixed Mode

Mixed Mode

Mixed Mode is a specialist in embedded and software engineering for applications including IoT and secure embedded systems.

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC) was founded to develop and implement information security practices in Dubai.

Tempest

Tempest

TEMPEST is a leading provider of IT products and services including solutions for network and application security.

NSIT

NSIT

NSIT SAS is a consulting, advisory and service provider in IT systems. Solution areas include networking & infrastructure, IT management & administration, and cyber security.

Egnyte

Egnyte

Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization; all through a single SaaS solution.

Eskive

Eskive

Eskive is a Brazilian cyber security awareness and education platform that empowers users and strengthens their company in the face of cyber threats.

National Cybersecurity Competence Centre (NC3) - Czech Republic

National Cybersecurity Competence Centre (NC3) - Czech Republic

NC3 has been established in response to growing demands for practically applicable products and solutions for ensuring cybersecurity of critical and non-critical information infrastructures.

Argo Group

Argo Group

Argo is an international underwriter of specialty insurance. Argo Cyber offers a full spectrum of coverage solutions related to professional and technology services.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

Keysight Technologies

Keysight Technologies

Keysight is dedicated to providing tomorrow’s test technologies today, enabling our customers to connect and secure the world with their innovations.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

Federal Bureau of Investigation (FBI) - USA

Federal Bureau of Investigation (FBI) - USA

The mission of the FBI is to protect and defend against intelligence threats, uphold and enforce criminal laws, and provide criminal justice services.

Cyber Dexterity

Cyber Dexterity

Cyber Dexterity deliver tailored advisory and learning solutions that empower your people, customers and key stakeholders with lasting skills and capabilities.