Given the plethora of known cases of cyberattacks, it is astonishing just how lightly many companies are obviously continuing to take the threat. Only in March this year, an attack on Norwegian aluminum manufacturer Norsk Hydro led to a brief 1% increase in the global market price of aluminum, reports TÜV Rheinland . However, 40% of the 370 companies surveyed for the “Industrial Security” study stated that they have never assessed the risks posed by cyberattacks. Only one in five companies have tailored their cybersecurity measures to their production facilities. The experts believe that the biggest problem here is the fact that IT departments are still responsible for cybersecurity, yet Operational Technology requires its own budget and expertise.
Moreover, industrial companies too often focus on the wrong thing, says Jörg von der Heydt from Skybox Security on German online portal datensicherheit.de . They usually focus on protecting themselves from unauthorized access or data theft, when it is in fact attackers’ potential to shut down entire plants that poses them the biggest risk. It is therefore crucial to gain an overall picture of the relevant vulnerabilities.