Industry IT security shortfalls persist – Does Industry know its I from its T?

A recent survey conducted by industrial connector specialist Electroustic revealed industry’s unsustainable approach to information security. The survey showed a pressing lack of information about the most common security risks in an age where industrial internet and remote data access are steadily being implemented on the factory floor. An impressive 34% of respondents said their companies don’t have an information security policy.
 
The survey identified hacking as the biggest security concern – with 31% of respondents worried about it – followed by human error (17%) and cloud computing (11%).
 
While it’s true that most security breaches are caused by outsider attacks, these often come in the form of malicious software and can easily be averted with the correct staff training and appropriate infrastructure.
 
“The huge range of available IT security products for industry is a double-edged sword for many companies,” explained Paul Carr, managing director and owner of Electroustic. “Although there are a lot of options to choose from, inexperienced companies can easily end up spending a fortune on IT security systems that might not be appropriate for their specific needs.
 
“In terms of network security, establishing multi-layered defences using industrial firewalls, like Tofino’s Xenon, is crucial. A reliable industrial firewall should be easy to implement and manage, while also being versatile and rugged. A good IT security system should ensure a company meets and exceeds NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) requirements and ISA/IEC-62443 Standards.”
 
User education and awareness are two additional points in the Electroustic survey where respondents didn’t fair particularly well, which suggests industrial companies need to do more to tackle the problem.
 
User security policies describing best practice when using a company’s Information and Communication Technologies (ICT) systems should be formally acknowledged in employment terms and conditions. Additionally, IT induction programmes should be complemented with regular training on the cyber risks faced as employees and individuals.
 
The latest industry trends, including industrial internet, remote data access and Industry 4.0 are drastically changing the industry landscape and the skills employees are expected to bring to the table. Companies need to do more to prevent and address IT security breaches and the best way to do so is by training staff, implementing reliable industrial security solutions and keeping up to date with the latest industry developments.
 
For companies just starting on the road to industry security, the latest version of the UK government’s 10 Steps to Cyber Security guide is available on the GCHQ website (www.gchq.gov.uk).