Reduce Business Disruption - Make Cyber Security A Priority

Ninety-three percent of Industrial Control Systems (ICS) security professionals are very concerned about cyber-attacks causing operational shutdown or customer-critical downtime. In an effort to prepare against such threats, 77% have made ICS cyber security investments over the past two years, but 50% still feel that current investments are not enough.
 
This is from a recent survey for Tripwire conducted by Dimensional Research and its respondents included 263 ICS security professionals at energy, manufacturing, chemical, dam, nuclear, water, food, automotive and transportation organisations shows these sever results.
 
“Cyber-attacks against critical infrastructure and manufacturers pose a real threat to the safety, productivity and quality of operations..... In these environments, where virtual and physical converge, cyber events can interfere with an operator’s ability to view, monitor or control their processes. Investing in cyber-security should be a priority in protecting operations from disruption.” said  Kristen Poulos, vice president and general manager of industrial cybersecurity at Tripwire speaking to HelpNetSecurity
 
Of the 50% who felt current investments were not enough, 68% believe it would take a significant attack in order for their organisations to invest more. Only 12% of all respondents expressed a high level of confidence in their ability to avoid business impact from a cyber event. 
 
In assessing industrial organisations’ current set of basic cyber-security capabilities, the survey found the following:
 
• Only 52% have more than 70% of their assets tracked in an asset inventory.
• Almost one-third (31%) of organisations do not have a baseline of normal behavior for their operational technology (OT) devices and networks.
• Less than half (39%) do not have a centralised log management solution in place for their OT devices.
Poulos added: “Visibility, although the first step, is commonly the biggest hurdle when it comes to protecting ICS environments from cyber-attacks.
 
Organisations can gain visibility of their OT networks without disrupting their processes by following methods that meet the unique needs and requirements of OT devices. “This includes passive monitoring of network traffic to identify assets, and baselining normal activity to spot anomalies, and analysing log data for indications of cyber events.....With that visibility, organisations can effectively implement additional protective controls, such as industrial firewalls to segment critical assets and establish secure conduits.” said Poulos
 
Additional findings include:
 
• About half (49%) said that collaboration between IT and OT has improved over the past two years.
• More indicated that IT is taking the lead on ICS security (44%) vs. OT (14%); 35% said it is evenly split between IT and OT.
• More than three-fourths (79%) say there is a gap in training OT and IT staff on the unique needs and requirements for securing OT environments. 
 
Of those who made cyber-security investments over two years (77%), education and training was the most common investment (82%) and GoCyber is one we at Cyber Security Intelligence (CSI) recommend. 
 
For information and adcice on Cyber Traing please contact Cyber Security Intelligence.
 
Tripwire:           Help Net Security:
 
You Might Also Read:
 
Five Trends In Attacks On Industrial Control Systems:
 
 
« Just A Normal Day At The Office For Huawei
Small & Medium Businesses Are Under Increasing Risk Of Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Synology

Synology

Synology provides high-performance, reliable, and secure Network Attached Storage (NAS) products.

Security Magazine

Security Magazine

Security, the business magazine for security executives, focuses on management issues facing top security professionals and effective solutions being employed, both physical and cyber.

Security Industry Association (SIA)

Security Industry Association (SIA)

The SIA's mission is to be a catalyst for success​ within the global security industry through information, insight and influence.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

CLUSIS

CLUSIS

CLUSIS is an association for the information security industry in Switzerland.

SoftLock

SoftLock

Softlock is a regional leader in Information Security providing solutions, consulting, integration and testing services to protect information assets, identities and supporting infrastructure.

Variti

Variti

Variti Intelligent Active Bot Protection technology — traffic analysis, detection and stopping of malicious bots in real-time and effective response to DDoS attacks.

Nassec

Nassec

Nassec is a Cyber Security firm dedicated to providing the best vulnerability management solutions. We offer tailor-made cyber security solutions based upon your requirements and nature of business.

Foundries.io

Foundries.io

Foundries.io have built a secure, open source platform for the world's connected devices, and a cloud service to configure this to any hardware and any cloud.

Cranfield University

Cranfield University

Cranfield Defence and Security are at the forefront of their fields, offering capabilities ranging from cyber security and digital warfare to robotics, forensic sciences and simulation and analytics.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

Insight Enterprises

Insight Enterprises

Insight is a leading solutions integrator, helping you navigate today’s ever-changing business environment with teams of technical experts and decades of industry experience.

ThrottleNet

ThrottleNet

ThrottleNet provides world-class managed IT services and cybersecurity to organizations in St. Louis and throughout Missouri.

Sekoia.io

Sekoia.io

Sekoia.io is a European cybersecurity company whose mission is to develop the best protection capabilities against cyber-attacks.

Muscope Cybersecurity

Muscope Cybersecurity

Muscope CYSR platform performs a risk assessment and offers a comprehensive overview of the potential cyber attack risks.

Infosec Ventures

Infosec Ventures

Infosec Ventures incubates and scales cyber security innovators that solve inefficiencies in cyber security.