Every day over 6.4 trillion fake e-mails are sent worldwide - e-mails that are scarcely distinguishable from real ones, loaded with virus-infected attachments, dangerous links and misleading information. But despite all the talk about industrial security, half of those e-mails actually succeed in achieving their goal. How is that possible?show more
Digitalization has revolutionized the world. It has changed the way we search for products, how we pay for them and how they are delivered to us. And it is also changing the face of industry, as processes are automated, machines turned into interconnected "whiz kids", and vast amounts of data transferred back and forth.
Anyone who is dependent on data is vulnerable to attacks. And without an IT security strategy, companies run the risk of incurring financial damage and production downtimes. In the past two years, attacks on German industrial enterprises have caused 43.4 billion euros in damage.
80 % of all cyberattacks are aimed at human vulnerability
Whenever the topic involves industrial security, terms like network security, data security, plant security and machine security are quickly brought up. Current studies however indicate that the real source of danger isn't technical or mechanical in nature, but human. Did you know that more than 80% of all cyberattacks are targeted at human vulnerability and are often successful as a result?
"Illegal knowledge transfer, technology theft, social engineering and even economic sabotage are not rare, isolated cases, but actually a mass phenomenon," says Thomas Haldenwang, Vice President of the Federal Office for the Protection of the Constitution.
Damage prevention by giving in-house security courses
This may sound disturbing at first, but it's actually good news, since it is an easy task to train employees - for example, by providing them with clear guidelines and rules of conduct. Training can help promote awareness of the various types of attacks, helping employees act safely and sensibly.
Would you know what to do if you found a USB thumb drive in the restroom? What happens if you received an e-mail from your manager asking for your access data? Can you be sure the e-mail actually came from him or her? In order to minimize the risk of attack at your company, the first thing you need to do is to implement IT security training.
Danger has many faces
But what to do about external attackers? They often use existing vulnerabilities to invade systems or disrupt processes. In order to deny them access, those vulnerabilities must be detected and repaired - preferably before the attacker discovers them. Industrial security is not a physical quantity, but rather a moving target. Measures to combat cyber threats therefore need to be constantly updated. And companies have no choice but to deal with this on a regular basis.
How to optimize data security at your company
There are several ways to implement security measures, not all of which require a huge investment:
This security strategy makes life difficult for intruders by creating new and constantly changing obstacles. The trick is to create the highest possible number of obstacles on as many levels as possible.
2. Zones and conduits
Zones where devices with similar security requirements are located need to be sealed off from each other by means of firewalls or secure routers. That way, only devices that are truly authorized can send and receive data via the lines between the zones.
Although routers and switches have features that support security mechanisms, it is advisable to add firewalls to the mix.
4. Patch management
Software updates that have been poorly installed or entirely ignored represent a gateway for attackers, computer viruses and other malware. In programming, a "patch" refers to software that has been developed to update, optimize, or troubleshoot a computer program and/or its supporting data. That way, for example, you can close a security gap in an existing software application on your system. Take advantage of patch management to keep your software secure (including third-party software like office applications, PDF readers, etc.)
Specialists are available to address industrial security issues in major plant environments. At the next HANNOVER MESSE you can meet the experts from companies like Siemens or Pilz.
Industrial Security | 17 Sep. 2019
Hackers exploit old service account
An incident in Rhineland-Palatinate and Saarland, which saw hackers successfully encrypt servers and databases in several hospitals, shows...
Industrial Security | 11 Sep. 2019
5G requires better cybersecurity strategies
For the networking of Industry 4.0 production processes over 5G, companies need new security strategies. This is the finding of the Cyber...
Industrial Security | 08 Sep. 2019
Project seeks companies for free security check
German information network ‘Die Deutsche Wirtschaft’ (DDW) is offering companies a security analysis of their data. It is in particular...
Industrial Security | 04 Sep. 2019
VoIP telephones have serious security flaws
The Fraunhofer Institute for Secure Information Technology SIT has found serious security flaws in VoIP telephones. Users are strongly...
Industrie 4.0 | 04 Sep. 2019
Liability issues come to the fore for 3D printing
You can’t make an omelet without breaking some eggs – this is also the case for 3D printing. Some liability issues are yet to be clarified...
Industrial Security | 01 Sep. 2019
Cyber criminals taking increasingly more targeted approaches
The good news in cybersecurity: The number of ransomware attacks was down in 2018. The bad news: Cryptominers present a new and increasingly...
Industrial Security | 25 Aug. 2019
Hackers are attacking telephones and printers
Hackers have succeeded in penetrating company networks through printers and telephones. This is according to a report by the Microsoft...
Industrial Security | 18 Aug. 2019
AI hot on the trail of credit card fraudsters
The UBS Card Center in Switzerland is using artificial intelligence (AI) and machine learning to significantly reduce the number of fraud...
Industrial Security | 13 Aug. 2019
Startups to promote IT security
The German Federal Ministry of Education and Research (BMBF) has initiated StartUpSecure to help good ideas on IT security get put into...
Industrial Security | 13 Jul. 2019
Fraunhofer’s Clouditor enhances security for medium-sized enterprises
The new compliance tool enables companies to audit the configurations of their cloud-based applications, to create the basis for greater...
Industrial Security | 12 Jun. 2019
Scientists find vulnerability in FPGA chips
Cloud services and the Internet of Things (IoT) often use FPGA chips, which are considered relatively secure. Researchers at the Karlsruhe...
Industrial Security | 21 May. 2019
Botnets in the IoT can cause power failures
In its current semi-annual report, the Reporting and Analysis Center for Information Assurance (MELANI) in Switzerland reports on the...
Industrial Security | 16 May. 2019
Networked production riddled with vulnerabilities
In a world of networked production, hacker attacks can impact entire industries. Yet, as the findings of a worldwide study by TÜV Rheinland...
Industrial Security | 29 Apr. 2019
Cybercriminals strike with lightning speed
In an experiment, British software developer Sophos has tested how quickly and how often hackers strike worldwide: The first attack on a...
Industrial Security | 28 Apr. 2019
Industry urgently needs to improve its cybersecurity
Industrial cybersecurity is lagging years behind general IT security. This is the conclusion reached by TÜV Rheinland in its Cyber Security...
Industrial Security | 26 Mar. 2019
The key to complex IoT projects
How can mechanical and plant engineers use the IoT to generate added value? And what really matters when implementing IIoT production...
Industrial Security | 01 Mar. 2019
German companies report increasing number of cyber attacks
According to a study by US company Carbon Black, the number of cyber attacks in Germany rose significantly in 2018, with many companies hit...
Industrial Security | 09 Feb. 2019
CEOs do not see the value of cybersecurity
Many company managers primarily view investment in data security as a cost factor, and thereby overlook the competitive advantages of a...
Industrial Security | 06 Feb. 2019
Remote-controlled machines are vulnerable to attack
Industrial machines controlled remotely by radio are rarely, if ever, protected against attacks. This poses serious consequences for IT...
Security | 08 Jan. 2019
Fake news re VPN
Media reports of an imminent closure of VPN tunnels in China a few months ago caused great consternation among a substantial number of...