Over a tenth of organizations' operational technology systems are a decade or more in age.
In a recent survey conducted by techconsult on behalf of Sophos, the state of cybersecurity in German production facilities was examined. The survey involved 211 production facilities across the country, revealing some intriguing insights.
The most prevalent strategy for protecting against cyber attacks and technical failures is professional vulnerability analyses and penetration tests by external security experts, with 54% of companies employing this method. However, less than half of the surveyed companies have clear organizational structures and responsibilities for cybersecurity, indicating that many have not fully engaged in all recommended actions.
The longevity of production systems is a growing concern from a cybersecurity perspective. Nearly half (48.8%) of the surveyed companies have critical production systems that have been in use for five to ten years, with another 11.4% having systems more than ten years old. This long-standing use of outdated systems can potentially expose these companies to increased risks.
Michael Veit, a security expert at Sophos, emphasized the importance of modernizing the production landscape, stating, "What was once designed as an isolated installation is often networked today and thus vulnerable."
To address these issues, Sophos recommends five measures for better cybersecurity in production: regular updates, backup strategy, employee training, supply chain review, and integration of IT and production. These measures aim to strengthen the overall security of production facilities while maintaining their functionality.
In addition to the recommended measures, 37.9% of companies rely on specialized service providers for system protection, 38.9% use security operations centers (SOC/SIEM) for continuous system monitoring, and 64.9% regularly check the IT security of their suppliers.
Another notable finding is that 46.4% of companies prioritize targeted employee training, and nearly a third of companies regularly practice disaster exercises. These practices highlight the importance of human factors in maintaining cybersecurity.
The survey also revealed that more than half of respondents (57.3%) have formulated contractual requirements for cybersecurity with suppliers, and 37% of companies have segmented their networks to separate critical production areas from the rest of the corporate network.
Unfortunately, the survey did not explicitly list which companies have not yet researched the implementation of these five recommended measures. However, the data suggests that many production companies in Germany have room for improvement in their cybersecurity practices.
One challenge in implementing these measures is the potential impact on availability. Measures to increase security can sometimes endanger availability, presenting a central dilemma.
In terms of the frequency of production downtime due to software or security updates, more than three quarters (75.1%) of the surveyed companies experience unplanned production downtime in the last three years. Every fourth company (24.6%) experiences multiple outages, and another 52.6% confirm at least occasional interruptions.
It's important to note that the backup strategy for production systems involves system configurations and machine parameters, not just data, unlike office IT. This underscores the unique challenges faced in securing production systems.
In conclusion, while many German production facilities are taking steps to improve their cybersecurity, there is still a significant number that could benefit from implementing the recommended measures. The longevity of production systems, the potential impact on availability, and the importance of human factors are all critical considerations in this ongoing effort.
Read also:
- Tesla is reportedly staying away from the solid-state battery trend, as suggested by indications from CATL and Panasonic.
- Artificial Intelligence integration announced by Schneider Electric in their latest patent, aiming to enhance safety measures and lower potential risks.
- Progress achieved in significant phase of Staffordshire construction project by Henry Brothers
- Enlarges Internal Quality Guarantee Operation by Blackline Safety
