Information Security is typically associated with the corporate office, with its role in an industrial environment often overlooked.
In many cases, industrial systems qualify as DHS Critical Infrastructure, sectors include chemicals, communications, dams, energy, food and agriculture, manufacturing, nuclear, and water systems.
SCADA networks and Industrial Control Systems are experiencing an increasingly higher rate of attacks, with half of these environments believed to have experienced some level of disruption by malicious threat actors.
Poor security maturity is most often the result of legacy infrastructure that is no longer supported, typically equipment running on systems with an unsupported OS such as Windows XP. These systems are vulnerable to attacks if they are in anyway, directly or indirectly, connected to the Internet or by compromised removable media.
Investing in an updated software license for industrial equipment can aid in preventing at-risk system compromise and reduce larger financial impacts. Compromised industrial equipment also creates a safety risk for employees.
Secondary issues are a lack of segregation between the corporate and industrial infrastructure. An unsegmented network means malware introduced by accounting can disrupt floor operations.
Asco, Maersk, Mondelez, and Norsk Hydro are some of the larger companies who have suffered from significant attacks despite having the resources to proactively protect themselves.
As Industry 4.0 gains traction, those advantages bring increased risk of attack.
It’s time to protect both the IT and the OT side of your organization. Industrial systems should be prioritized based on their criticality to business operations.
Most executives are surprised to see the disparity between the level of protection the receptionist receives over their critical business systems.