The main barriers that inhibit or delay implementation of industrial cybersecurity projects are the inability to stop production and a bureaucratic approval process, new research shows.
Those are the results of a new report by Kasperksy that show the top reasons why industrial cybersecurity projects do not end up implemented. The inability to stop production came in on top at 34%, bureaucratic steps such as a lengthy approval process came in at 31% and having too many decision-makers rounded out the top three at 23%, according to Kaspersky. These barriers are becoming more critical due to the ongoing COVID-19 pandemic as they can affect the implementation of pandemic-driven operational technology (OT) security initiatives.
Each year, there is an increasing amount of high-profile attacks hitting industrial control systems (ICS). The pandemic lockdown introduced its own set of challenges in addition to the existing threat landscape. Industrial firms had to adapt to new norms including remote work, overnight digitalization and new hygiene requirements, as well as specific pandemic-driven threats such as a massive growth in phishing attacks. As a result, organizations must be sure their protection is up to date and there are no open doors for malicious actions in ICS networks.
While ongoing production will always be an issue when it comes to implementing technology, survey participants responded most of the barriers they face when implementing cybersecurity initiatives for ICS environments refer to bureaucratic challenges rather than technical obstacles. In total, 46% of organizations face red tape delays. In addition to the most prevalent obstacle, long approval times and numerous decision-makers, prolonged supplier selection and purchasing processes, as well as interference from other departments, also ended up a pain point.
These barriers may become even more critical in the current post-lockdown period. The survey found 46% of organizations expect to see changes in their OT security priorities as a result of the pandemic. These organizations will likely need to shift their security strategy at a moment’s notice and quickly implement new cybersecurity practices. Due to the specific requirements of OT, the barriers for implementation can complicate and slow down the process even more. Some organizations will need to be even more conscious as 24% of respondents said they try to overcome these difficulties with decreased OT security budgets.
“It’s always more difficult to invest money and resources in projects without a clear return on investment, such as with cybersecurity initiatives,” said Georgy Shebuldaev, head of growth center at Kaspersky. “And while cybersecurity for OT is still a developing area, all these management barriers are quite natural.”
This article originally appeared on ISSSource’s website. ISSSource is a CFE Media content partner.
Original content can be found at isssource.com.
Do you have experience and expertise with the topics mentioned in this article? You should consider contributing content to our CFE Media editorial team and getting the recognition you and your company deserve. Click here to start this process.