TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Industrial security in the age of hybrid working
Cybercriminals have become acutely attuned to exploiting every stage of the pandemic.
Change Size
Cyber security: The logo of the National Cyber and Encryption Agency (BSSN) is seen on the agency’s office in Jakarta on March 15, 2019. The agency has asked Facebook and Twitter to help act against accounts that spread hatred and false news. (JP/Dhoni Setiawan)
G
lobal cyber breaches have reached record levels in recent months. As the pandemic subsides, new hybrid working models are here to stay – along with a globally widened attack surface for businesses.
Cybercriminals have become acutely attuned to exploiting every stage of the pandemic, calculating how they can tap loopholes in new working methods and processes for their own gain. The annual “State of The Phish” report from Proofpoint reports an “explosion of pandemic-themed phishing scams” and a continued surge in ransomware attacks.
What’s more, Internet of Things attacks specifically are on course to quadruple, having crossed the 1.51 billion mark in the first half of this year as compared to 639 million in 2020, Kaspersky data shows.
As such, security leaders must raise awareness across their organizations, and empower individuals to do their part. Now is the time to ramp up enterprise cybersecurity practices and work with employees to help minimize the risks.
In the context of Cybersecurity Awareness Month, AVEVA highlights five key strategies to help industrial organizations stay ahead of cyber criminals.
First, revise your endpoint strategy. As hybrid working continues to become the norm, the number of endpoints is likely to expand over the future. Security leaders can mitigate current threats by implementing a unified endpoint management strategy that does not rely on internet connectivity. Endpoint security can no longer be a bolt-on solution but must be seamlessly incorporated into prevailing security architecture, facilitating a coordinated approach to incident management.
Second, implement tiered access. The principle of least privilege management determines which individuals within an organization can view sensitive information. Access is limited to a small number of C-level users and to those who need it to perform their jobs. The strategy reduces the attack surface available to hackers. Network segmentation, privileged identity management and systems hardening are some routes to implementing least privilege management.
Third, beef up threat response capacity. Building out dedicated threat detection and response capabilities against advanced persistent threats will help the enterprise identify targeted attacks and stop them before significant damage occurs. Automated detection systems can gather security and event data from endpoint devices across the network and provide the visibility required to stay ahead of emerging threats.
Fourth, patch it up. Regular patch management ensures that all organizational software is up to date and that known vulnerabilities have been fixed. Similarly, compliance measures protect the confidentiality and integrity of data.
Fifth, training and more training.
As simple as it sounds, training up your staff can prevent the large majority of attacks breaking through. The National Cybersecurity Alliance recommends that cybersecurity be made part of employee onboarding, and that staff are trained to be mindful of cybersecurity as they log onto IT and OT systems each day.
Deloitte estimates that 40 percent of manufacturing firms experienced a cyberattack last year, with 38 percent of those suffering from over US$1 million in damages. With so much at stake, it is everyone’s responsibility to help build a safer and more resilient world.
***
The writer is chief information security officer at AVEVA.
