When it comes to scary movies, the most terrifying ones are often about the unknown. It’s easy to grasp a frightening ghost, monster, or some lunatic chasing after a group of folks whose van broke down in the wrong town. However, the unknown allows for another level of paranoia because you never know what’s coming next. To quote H.P. Lovecraft:
“The oldest and strongest emotion of mankind is fear, and the oldest and strongest kind of fear is fear of the unknown.”
When it comes to industrial security, that fear of the unknown is a common thread for manufacturers. Increasingly, they are learning that many of their legacy systems are inherently insecure. Older PCs on the plant floor are no longer supported and are vulnerable to viruses and ransomware. Employees and contractors come in and out, carrying with them laptops, mobile devices, and thumb drives infected with threats that could shut down operations. Malicious hackers are continually looking for exploits to get inside industrial systems. It’s an overall scary scenario highlighted recently in the Cisco 2017 Midyear Cybersecurity Report.
Make fear your advantage
There’s always risk involved with the unknown. However, there are ways to turn that fear into an advantage. One of the first things to do is to accept the anxiety and recognize that it’s there for a reason. The next step is to prepare so that your organization can overcome fear and then use it to anticipate potential threats.
So, how can you mitigate the concern of these security risks? Deploy a combination of trusted best practices, new technologies, and strategies:
- Conduct a security assessment: This is the first step in understanding where any potential vulnerabilities are within critical infrastructure. It’s also crucial for an organization to know what needs to be put in place with regard to access, as well as its current understanding of procedures and how to enforce policies.
- Use a defense-in-depth strategy: Modern, advanced threats require a holistic security strategy. That’s why manufacturers should turn to a defense-in-depth approach. “Defense-in-depth” strategies incorporate layers of independent security controls (physical, procedural, and electronic).
- Follow trusted best practices: In the modern landscape of Industrial IoT, some old best practices still apply. Device segmentation remains an essential first step, and it’s always important to create specific policies that define device access. Robust firewalls are still critical.
- Include technologies that play an indispensable role: Modern networks need to operate as a security extension. They need to provide context into the system and identify traffic patterns and the flow of data.
Don’t let fear of the unknown overtake your organization. The right security strategy is key to avoiding things that go bump in the night.
To learn more about assessing risk and setting a security strategy, visit our interactive security experience for manufacturing.