Digitalization of industrial infrastructure is underway, and 55% of organizations said the Industrial Internet of Things (IIoT) will have the strongest impact on operational technology/industrial control system (OT/ICS) cybersecurity, according to a report by ARC Advisory Group and Kaspersky.
When asked which digital technologies do respondents expect to impact their traditional automation technology, 55% indicated methods such as cloud and edge computing along with OT components being connected to the Internet topped the list . The reason why cloud and edge computing are often mentioned is probably psychological, according to the report. While cloud computing has already proven its reliability in other application areas, the industry currently still has security concerns about using cloud data or applications.
Along those lines, 20% of organizations have already prioritized IoT-related incidents, but effective solutions against IoT threats are not yet widespread, according to the report conducted by ARC Advisory Group for Kaspersky.
Industrial organizations continue to implement digitalization and Industry 4.0 standards. Even despite the market slowdown as a result of the COVID-19 pandemic, digitalization is still being adopted. At the same time, the growing number of digitalization projects, such as industrial IoT, raises awareness of the associated risks.
One-in-five companies said attacks on Industrial Internet of Things (IIoT) have already become one of their main cybersecurity concerns, bypassing such serious threats as data breaches (15%) or attacks on the supply chain (15%). Addressing them requires security professionals’ involvement. In 2020, 44% of of the enterprises surveyed said IT security personnel are working on initiatives to protect digitalized OT systems.
The report also showed not all organizations may feel ready to face threats to IoT. Only 19% of companies have implemented active network and traffic monitoring, and 14% have introduced network anomaly detection as these solutions allow security teams to track anomalies or malicious activity in IoT systems.
“While industrial enterprises will only increase the implementation of connected devices and smart systems, they should strive for the same efficiency level when it comes to protection,” said Grigory Sizov, head of KasperskyOS business unit. “To achieve this, protection should be built-in when a project is initiated, and for some companies, it should be done today. IIoT components must be secure at their core to eliminate the possibility of an attack on them. Along with traffic protection and other technologies, this makes the entire system secure by design and this means it becomes immune to cyber-risks.”
To ensure IIoT systems are used effectively and safely, organizations should do the following:
- Consider protection at the very beginning of IIoT implementation by using dedicated security solutions.
Assess the status of a device’s security before its implementation. Preferences should be given to devices that have cybersecurity certificates and products from those manufacturers that pay more attention to information security.
- Conduct regular security audits and provide the security team responsible for protecting IoT systems with up-to-date threat intelligence.
- Establish procedures for obtaining information on relevant vulnerabilities in software and applications, and available updates to ensure proper and timely responses to any incidents.
- Implement cybersecurity solutions designed to analyze network traffic and detect anomalies and prevent IoT network attacks, then integrate the analysis into the enterprise network security system.
ICS/IIoT taxonomy needed for cybersecurity
Industrial controller cybersecurity best practices
Cybersecurity required for safe IIoT robots