It has been reported that new research has shown that malware, insecure networks, and remote access top the list of concerns for enterprises as organizations embracing home working and hybrid IT face growing cyberthreats. The ongoing global pandemic that has led to massive levels of remote work and an increased use of hybrid IT systems is leading to greater insecurity and risk exposure for enterprises. According to new data released by Cybersecurity Insiders, 72% of organisations experienced an increase in endpoint and IoT security incidents in the last year, while 56% anticipate their organization will likely be compromised due to an endpoint or IoT-originated attack within the next 12 months.
What stands out to me in this important, timely survey is that almost half of the cybersecurity decision-maker respondents, forty-three percent, expressed ‘moderate to unlikely means to discover, identify and respond to unknown, unmanaged, or insecure devices accessing network and cloud resources’.
The reality is remote access is here to stay – it was a trend that was growing prior to COVID and with the pandemic, the trend has escalated. Security programs can adjust to support this new normal and tools are available to help. A new generation of artificial intelligence and machine learning tools makes it possible to identify cyber threats in real time and resolve issues before harm is done. With the right technology and a focus on best practices, you can see and respond to these unknown, unmanaged, and insecure IT, OT, and IoT devices.
Now, during National Cybersecurity Awareness Month, it’s a good time to remember it doesn’t have to take a catastrophe to spur change. As organisations in every industry embrace the use of IoT devices to improve operations and the way they work, they’re facing new risks to their cyber and physical systems. Review your cybersecurity plans, policies, and culture, and make sure you’re in the best position to address cyber threats.
While cultural change can be hard, it is possible if you focus on these areas:
Do things in the right order. Set up a good structure of cyber and physical security governance, with clear lines of accountability. Sources, such as the U.S. National Institute of Standards and Technology Cybersecurity Framework, describe a systematic approach with references to applicable standards for each step. Train all personnel thoroughly on their responsibilities. Design corporate policies and procedures to align with those pertaining to cybersecurity and vice versa. Then decide on what technologies to invest in that will support the other elements.
Don’t punish people if they admit to having made a mistake. Instead of penalizing employees who make errors, encourage quick reporting when a cybersecurity breach occurs or when they recognize and disclose a mistake that could create a vulnerability.
Treat OT & IoT cybersecurity the same as physical safety. The safety of employees and the public is considered of paramount importance in industrial and critical infrastructure organisations. It’s considered every employee’s responsibility. Cybersecurity should be treated the same way.
OT & IoT security is not “one and done.” It’s always evolving. The job of securing assets and employee behavior should be continually updated because threats and vulnerabilities are constantly changing.