Industrial Firms Slow to Adopt Cybersecurity Measures: Honeywell
6.12.2017 securityweek Cyber
Industrial companies are slow to adopt cyber security capabilities and technology to protect their data and operations, according to a report released on Wednesday by industrial giant Honeywell.
A survey of 130 strategic decision makers from around the world revealed that more than half of industrial organizations have suffered a cybersecurity incident, including ones involving removable media, denial-of-service (DoS) attacks, malware, hackers breaking into plant IT systems, state-sponsored attacks, and direct attacks on control systems.
However, the study found that organizations underinvest in cybersecurity best practices in terms of people, processes and technology – three elements that need to work in harmony for an organizational culture that takes security seriously, Honeywell said.
Forty percent of respondents said they do have a cybersecurity chief in their organization and 15 percent plan on creating the role in the future. When it comes to having someone in charge of cybersecurity for manufacturing, only 35 percent of firms surveyed by Honeywell said they have someone in this role.
As for cybersecurity processes, nearly half of organizations have an enterprise- and plant-wide IT account management policy, and 22 percent plan on implementing one within the next year. A similar percentage also has or plans on having a definitive list of connections to the plant and what data flows through them.
Only one-third of respondents said they continually monitor their systems for suspicious activity and one quarter claim they plan on implementing such measures within a year. On the other hand, roughly 70 percent of organizations conduct risk assessments at least once a year, and more than 60 percent test their firewalls at least yearly.
When it comes to adoption of cybersecurity technologies, the Honeywell study shows that many organizations still have a long way to go. A majority of companies only have a firewall between plant and business systems, and only less than one-third have implemented proper access control and authentication measures for devices in the plant.
While the industrial sector is typically slower to adopt new technologies compared to other sectors, many organizations either already have an initiative for digital transformation or they plan on having one within a year. As companies move towards the adoption of the Industrial Internet of Things (IIoT), the main technology pitfall is cyber security, Honeywell said.
The company has advised organizations to ensure that cybersecurity is on the CEO’s agenda. Security needs to be part of the digital transformation strategy, and organizations must focus on adopting best practices.
Honeywell’s complete report, titled “Putting Industrial Cyber Security at the Top of the CEO Agenda,” is available for download in PDF format.