Securing industrial digital transformation
25 February 2022
Today, all businesses and organisations across the world are going through a period of rapid digital transformation. From banks offering more services online, businesses adopting hybrid working, or industrial organisations deploying automation at scale to take over manual processes, the digital evolution is upon us and our reliance on technology has never been greater.
By evolving towards a digital future, organisations are seeing benefits in the way of increased efficiency, improved competitive advantage and greater growth and revenue prospects. However, digital transformation also comes with one major downside, the risk of organisations falling victim to cyberattacks has never been greater.
Cyber crime is widely regarded as the biggest threat organisations face today; with estimates predicting it will cost the world $10.5 trillion annually by 2025. As organisations’ reliance on technology increases, the repercussions of attacks grow, which is especially true for industrial organisations where cyber attacks can cause electrical blackouts, gas shortages and even the failure of nuclear equipment.
In the industrial sector digital transformation, where internet connectivity is being added into plants, is effectively improving productivity, increasing safety, facilitating hybrid working and enabling significant costs savings.
However, this increased connectivity has opened a world of doors for the maliciously minded. Today, operational technology (OT) and plant machinery, which were traditionally air gapped to anyone outside plant walls, are being connected to enterprise IT and the internet, which means if they are not secured properly, they are potentially accessible to anyone with an internet connection. If a malicious attacker was able to access these systems, they could do anything from changing chlorine levels in water, shutting down fuel supplies or even disrupting the supply of essential services into society.
Given the risks, the cyber security of digital transformation efforts needs to be the number one priority for all industrial organisations. But where do they begin?
Developing security programs for industrial digital transformation
When it comes to building out cyber security programs for industrial organisations, it is vital they cover people, process and technology. This is the best way to ensure security is built into the heart of all digital transformation efforts and that there are no gaps that could be exploited maliciously.
Three key components of this include:
People: Nurture a cyber security conscious culture
Employees can be an industrial organisation’s greatest weakness, or greatest weapon, so to limit the chances of them becoming the former, education on cyber risks is essential. Teach staff about threats, promote the importance of cyber security and provide training regularly. It is also essential to discuss the risks digital transformation efforts can bring into organisations and how attackers can use connected OT to access industrial networks. Teach employees always to be alert for threats and model good behaviour when employees come forward to report suspicious activity.
Process: What else should we be doing?
Security is not a product, it’s a process that is all about identifying risks and continually working to reduce the attack surface. This means organisations must assess security regularly and constantly ask themselves about what else they can do to improve their efforts. Additionally, run incident response regularly to identify weaknesses and then prioritise hardening the gaps that would have the biggest impact if they were exploited maliciously. Also, ensure security is embedded in all operational and business functions and carry out regular security checks on suppliers.
Technology: How are we monitoring our assets?
As more machinery and OT is connected to the internet, this creates new gateways for attackers, so ensuring each of these is secured is essential. This means keeping an up-to-date inventory of devices and securing them to ensure there are no gaps that could be exploited maliciously. You can’t protect what you can’t see, so having visibility into all connected devices is the most critical security requirement for digital transformation, because as connectivity across the network grows, so does the attack surface.
Digital transformation offers many benefits to industrial organisations, but if security is not embedded into its foundations the disadvantages will significantly outweigh the gains. This means industrial organisations must prioritise cyber security in tandem with their digital transformation projects, ensuring it spans across people, processes and technology to secure their assets.
Contact Details and Archive...