A recent survey by industrial connector product company Electroustic found what the firm calls industry’s unsustainable approach to information security. The survey showed a lack of information about the most common security risks in an age where industrial internet and remote data access are steadily coming onto the factory floor. A third, 34 per cent of respondents said their companies don’t have an information security policy.
The survey identified hacking as the biggest security concern – with 31 per cent of respondents worried about it – followed by human error (17 per cent) and cloud computing (11 per cent).
While it’s true that most security breaches are caused by outsider attacks, these often come in the form of malicious software and can easily be averted with the correct staff training and appropriate infrastructure.
Paul Carr, managing director and owner of Electroustic, said: “The huge range of available IT security products for industry is a double-edged sword for many companies. Although there are a lot of options to choose from, inexperienced companies can easily end up spending a fortune on IT security systems that might not be appropriate for their specific needs.
“In terms of network security, establishing multi-layered defences using industrial firewalls, like Tofino’s Xenon, is crucial. A reliable industrial firewall should be easy to implement and manage, while also being versatile and rugged. A good IT security system should ensure a company meets and exceeds NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) requirements and ISA/IEC-62443 Standards.”
User education and awareness are two other points in the survey where respondents didn’t fair particularly well, which suggests industrial companies need to do more to tackle the problem.
User security policies describing best practice when using a company’s Information and Communication Technologies (ICT) systems should be formally acknowledged in employment terms and conditions. Also, IT induction programmes should be complemented with regular training on the cyber risks faced as employees and individuals.
The latest industry trends, including industrial internet, remote data access and Industry 4.0 are drastically changing the industry landscape and the skills employees are expected to bring, the company says. Companies need to do more, it argues, to prevent and address IT security breaches and the best way to do so is by training staff, implementing reliable industrial security solutions and keeping up to date with the latest industry developments.
For companies just starting on the road to industry security, the latest version of the UK government’s 10 Steps to Cyber Security guide is available on the GCHQ website (www.gchq.gov.uk).
