5 ways to protect industrial security in the new age of hybrid work

With the volume and frequency of cybercrimes having risen significantly in recent months, staying abreast of these threats and protecting industrial systems is paramount, says Tim Grieveson, CISO, AVEVA

Breaches across the internet of things (IoT) alone are on course to quadruple, having crossed the 1.51 billion mark in the first half of this year as compared to 639 million in 2020, Kaspersky data shows. Approximately 74% of organizations worldwide attribute business-impacting cyberattacks to technology put in place during the pandemic, according to a survey by Forrester Consulting and Tenable. Worryingly, a significant focus for many of these new attacks seems to be major energy and food supply infrastructure: In the US alone this year, hackers and hijackers have targeted gas pipelines, water treatment plants and food processing giants.

As such, security leaders must raise awareness across their organizations, and empower individuals to do their part. Now is the time to ramp up enterprise cybersecurity practices and work with employees to help minimize the risks. To coincide with Cybersecurity Awareness Month, AVEVA enumerates 5 key strategies to help industrial organizations stay ahead of cyber criminals.


Regular compliance and patching

Regular patch management ensures that all organizational software is up to date and that known vulnerabilities have been fixed. Similarly, compliance measures protect the confidentiality and integrity of data. Updating SCADA and ICS systems in line with advisories from the US Cybersecurity Incident Security Agency will ensure both aspects are taken care of and keep organizations one step ahead of the hackers.

Implement cohesive endpoint strategy

With hybrid workforces continuing to be the norm even for industrial organizations, securing endpoints remains a challenge. While the number of endpoints is only likely to expand over the future, security leaders can mitigate current threats by implementing a unified endpoint management strategy that does not rely on internet connectivity. Endpoint security can no longer be a bolt-on solution but must be seamlessly incorporated into prevailing security architecture, facilitating a coordinated approach to incident management.

Understanding Industrial Cybersecurity Threat Vectors

Enable tiered access by way of a privilege management strategy

The principle of least privilege management determines which individuals within an organization can view sensitive information. Access is limited to a small number of C-level users and to those who need it to perform their jobs. The strategy reduces the attack surface available to hackers. Network segmentation, privileged identity management and systems hardening are some routes to implementing least privilege management.

Dedicated threat detection and response capabilities

Building out dedicated threat detection and response capabilities against advanced persistent threats will help the enterprise identify targeted attacks and stop them before significant damage occurs. Automated detection systems can gather security and event data from endpoint devices across the network and provide the visibility required to stay ahead of emerging threats.

Regular training

Last but not least, regular training is essential to ensure staff stay abreast of threats and implement best practices that protect the organization, but also safeguard their own data.

The National Cybersecurity Alliance recommends that cybersecurity be made part of employee onboarding, and that staff are regularly trained to keep cybersecurity front of mind as they log onto IT and OT systems each day.

The cost of cybersecurity attacks can weigh heavily on organizations. Deloitte estimates that 40 per cent of manufacturing firms experienced a cyber-attack last year, with 38 per cent of those suffering from over $1 million in damages. With so much at stake, it is everyone’s responsibility to help build a safer and more resilient world. Do your part. #BeCybersmart.

Visit the AVEVA Trust Center website for more information on how AVEVA ensures your digital security.