TAGUIG CITY, Philippines—Fortinet, the global leader in high-performance Cyber Security solutions, states that almost 80 percent of manufacturing security incidents in critical infrastructure organizations are caused by accidental internal issues such as software misconfigurations from human error and broken network protocols.
Critical infrastructure industries in particular, such as utilities, transportation and natural resource producers, together with the communities and economies they serve, face not only particularly damaging outcomes from cyber security attacks, but also need to deal with important difficulty due to the scale of their operations.
Market research firm ABI Research estimates that spending on dangerous cyber security infrastructure in the Asia-Pacific region is expected to hit US$22 billion by 2020.
As organizations cannot predict every threat, they must then focus on what they can control. Fortinet has recently issued Top 10 guidelines to help local companies assess their operational technology (OT) vulnerabilities:
- Identify critical elements that need immediate protection is a vital first step
- Identify protocols for permission management or access to controls – Most systems were formerly isolated. Now that IT and OT are interconnected, they need to keep pace with OT security best practices. In addition, determining the suitable privileges for authorized users is just as important as blocking unauthorized access
- Update hardware and software operating systems regularly – Some hardware and software systems pre-date the very notion of cyber security. Organizations need to ensure compatibility with standard modern defenses such as anti-virus software or threat scanning technologies
- Perform regular and routine organization update and patch – While most operations cannot afford any down-time and cost associated with patching, deferring updates lead to wider security gaps
- Identify unsecured, and IP-enabled telemetry devices such as sensors and pressure gauges. Data on these devices can be manipulated, which then impacts the safety and reliability of the overall system
- Employ best practices in modern coding. Using embedded and often custom-built software written with little attention to recommended security techniques leaves OT systems open to attack
- Adhere to a standard procedure for logging events. Organizations that establish a process for noting and reporting system events can often use this data to detect irregularities and implement security measures
- Regulate component manufacturers and supply chain. Without proper monitoring and governance, equipment may be compromised before it is even installed
- Implement Network Segmentation. Many operations have not yet partitioned their networks into functional segments (while remaining fully interconnected). Without proper segmentation, infected data and applications can overlap from one segment to another, and attackers who manage to breach perimeter defenses can easily move undetected across the network
- 10. Prepare an Operational Recovery Plan. In the unfortunate event of a disaster, every organization needs a documented procedure to assess damage, repair systems and machines, and restore operations. Regular security drills also help operators implement recovery quickly and efficiently when it is needed most.
Hope these tips and guidelines will help you to tackle technology vulnerabilities & avoid cyber security threats. Also Read: Five Major Cyber Security Threats & How to Tackle Them