sb-nz logo
Story image

Kaspersky finds red tape biggest barrier against cybersecurity initiatives

‘Red tape’ is the main barrier for cybersecurity initiatives in the industrial sector, according to a new report by Kaspersky titled State of Industrial Cybersecurity in the Era of Digitalisation.

More specifically, the most common obstacles that inhibit or delay the implementation of industrial cybersecurity projects include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%).

According to Kaspersky, these barriers may become a critical point in light of COVID-19 because they can affect the implementation of pandemic-driven operational technology (OT) security initiatives.

The report states that the cybersecurity race isn’t slowing down, and every year many incidents, including high-profile attacks, are hitting industrial control systems (ICS).

The pandemic lockdown introduced its own challenges in addition to the existing threat landscape. Industrial firms have to adapt to new norms including remote work, overnight digitalisation and new hygiene requirements, as well as specific pandemic-driven threats such as a massive growth in phishing attacks, Kaspersky states.

Organisations need to make sure their protection is up to date with these changes and there are no open doors for malicious actions in ICS networks. The above barriers are what organisations will have to overcome when implementing cybersecurity projects, according to the study.

However, most of them refer to bureaucratic rather than technical obstacles in total, almost half of organisations (46%) face red tape delays.

In addition to the most prevalent long approval times and numerous decision-makers, these barriers include protracted supplier selection and purchasing processes, as well as interference from other departments. These barriers may become even more critical in the current post-lockdown period, the analysts state.

The survey revealed that almost half of organisations (46%) expect to see changes in their OT security priorities as a result of the pandemic. These organisations will likely need to shift their security strategy on-the-fly and quickly implement new cybersecurity practices.

While it can be challenging generally, due to the specific requirements of OT, the barriers for implementation can complicate and slow down the process even more.

Some organisations will need to be even more conscious as they try to overcome these difficulties with decreased OT security budgets (24%).

In order to help industrial organisations accelerate the implementation of industrial cybersecurity projects, Kaspersky suggests the following steps.

If an organisation doesn't have enough experience and practice in complex ICS security projects, it's better to implement solutions step by step: start with building organisational processes and adopting basic cybersecurity measures such as security gateways and endpoint protection.

From here, an organisation can move to more complex projects such as network monitoring, intrusion prevention and SIEM.

Industrial standards, such as ISO or IEC guidelines, can help to organise methods and increase the speed of project execution.

According to Kaspersky, it is also a good idea to introduce a practice whereby all new OT systems are implemented with cybersecurity built-in.

This should simplify further protection processes and give the OT security team the ability to test new protection tools on these parts of the infrastructure.

In addition, organisations should implement education and training for all teams including specific ICS security training for IT security and OT engineers and awareness to all employees.

This will help different teams understand the risks and responsibilities of each other and increase the overall level of consciousness about cybersecurity.

Finally, according to Kaspersky it’s important to choose a reliable cybersecurity solution for OT components and networks, as well as trusted partners for implementation.

Kaspersky head of Growth Center Georgy Shebuldaev says, “It’s always more difficult to invest money and resources in projects without a clear return on investment, such as with cybersecurity initiatives. And while cybersecurity for OT is still a developing area, all these management barriers are quite natural.

“As a vendor, it is up to us to help customers eliminate these obstacles and simplify and speed up the implementation of protection measures.

"Our task here is to make ROI more transparent and showcase the risks for businesses so customers can understand the benefits from the very beginning and better justify them to C-suite or the board if needed.”

Story image
Thycotic releases new integrations to bolster account governance
“Service accounts are often left defenceless, even by enterprises with established programs for privileged user security."More
Story image
Cloud services top threat vector for healthcare industry
"The coronavirus pandemic continues to highlight the unique cybersecurity needs of the healthcare industry, even as it has increased the number of threats these organisations face."More
Story image
Almost a third of malware threats previously unknown - HP report
A new report has found 29% of malware captured was previously unknown due to the widespread use of packers and obfuscation techniques by attackers seeking to evade detection. More
Story image
Microsoft Exchange breach a wake-up call to ditch the server
"There are owners who still have in-house exchange servers because they are suspicious of the cloud or have concerns about their data sovereignty or don't want to contemplate the capital expenditure. But the warning is clear. Get rid of them."More
Story image
AvePoint brings Salesforce Cloud Backup to channel partners
The product adds to the AvePoint suite of trusted Cloud Backup for Microsoft 365 and Dynamics 365 to provide managed service providers with backup and restore capabilities across multiple, popular SaaS providers.More
Story image
Pandemic sees organisations of all sizes and industries invest in CTI
There is opportunity for organisations to better manage their cyber-threat intelligence for greater security and threat intelligence effectiveness by adopting the right tools and processes.More