The weak spot in security systems? It's people! Every day over 6.4 trillion fake e-mails are sent worldwide - e-mails that are scarcely distinguishable from real ones, loaded with virus-infected attachments, dangerous links and misleading information. But despite all the talk about industrial security, half of those e-mails actually succeed in achieving their goal. How is that possible?
Digitalization has revolutionized the world. It has changed the way we search for products, how we pay for them and how they are delivered to us. And it is also changing the face of industry, as processes are automated, machines turned into interconnected "whiz kids", and vast amounts of data transferred back and forth.
Anyone who is dependent on data is vulnerable to attacks. And without an IT security strategy, companies run the risk of incurring financial damage and production downtimes. In the past two years, attacks on German industrial enterprises have caused 43.4 billion euros in damage.
80 % of all cyberattacks are aimed at human vulnerability
Whenever the topic involves industrial security, terms like network security, data security, plant security and machine security are quickly brought up. Current studies however indicate that the real source of danger isn't technical or mechanical in nature, but human. Did you know that more than 80% of all cyberattacks are targeted at human vulnerability and are often successful as a result?
"Illegal knowledge transfer, technology theft, social engineering and even economic sabotage are not rare, isolated cases, but actually a mass phenomenon," says Thomas Haldenwang, Vice President of the Federal Office for the Protection of the Constitution.
Damage prevention by giving in-house security courses
This may sound disturbing at first, but it's actually good news, since it is an easy task to train employees - for example, by providing them with clear guidelines and rules of conduct. Training can help promote awareness of the various types of attacks, helping employees act safely and sensibly.
Would you know what to do if you found a USB thumb drive in the restroom? What happens if you received an e-mail from your manager asking for your access data? Can you be sure the e-mail actually came from him or her? In order to minimize the risk of attack at your company, the first thing you need to do is to implement IT security training.
Danger has many faces
But what to do about external attackers? They often use existing vulnerabilities to invade systems or disrupt processes. In order to deny them access, those vulnerabilities must be detected and repaired - preferably before the attacker discovers them. Industrial security is not a physical quantity, but rather a moving target. Measures to combat cyber threats therefore need to be constantly updated. And companies have no choice but to deal with this on a regular basis.
How to optimize data security at your company
There are several ways to implement security measures, not all of which require a huge investment:
This security strategy makes life difficult for intruders by creating new and constantly changing obstacles. The trick is to create the highest possible number of obstacles on as many levels as possible.
2. Zones and conduits
Zones where devices with similar security requirements are located need to be sealed off from each other by means of firewalls or secure routers. That way, only devices that are truly authorized can send and receive data via the lines between the zones.
Although routers and switches have features that support security mechanisms, it is advisable to add firewalls to the mix.
4. Patch management
Software updates that have been poorly installed or entirely ignored represent a gateway for attackers, computer viruses and other malware. In programming, a "patch" refers to software that has been developed to update, optimize, or troubleshoot a computer program and/or its supporting data. That way, for example, you can close a security gap in an existing software application on your system. Take advantage of patch management to keep your software secure (including third-party software like office applications, PDF readers, etc.)
Specialists are available to address industrial security issues in major plant environments. At the next HANNOVER MESSE you can meet the experts from companies like Siemens or Pilz.
Sophos reveals five cyberattack trends
Security concepts reaching their limits
With Oncite, data remain in the company
Fraunhofer is extending its range of Trusted Hardware
Cybercriminals target IoT
Max Planck researcher develops protection against hackers
Interested in news about exhibitors, top offers and trends in the industry?
Your web browser is outdated. Update your browser for more security, speed and optimal presentation of this page.Update Browser