Industrial firms fail to adopt basic security measures against hackers

New research suggests that fewer than half of industrial businesses are even monitoring for suspicious entry into their systems.
Written by Charlie Osborne, Contributing Writer

Video: What's next for ransomware?

Despite constant data breaches, compromises, and the expensive damage control which follows, the majority of industrial enterprises are failing to protect their businesses according to a new survey.

On Wednesday, US conglomerate Honeywell released new research into the state of security in the industrial sector.

Titled, "Putting Industrial Cyber Security at the Top of the CEO Agenda," an in-depth poll of 130 industrial companies revealed that almost two-thirds of those surveyed -- a total of 63 percent -- admitted they do not monitor for suspicious behavior, and 45 percent do not even have a cybersecurity expert or manager in place.

Despite over half of these companies, 53 percent in total, reporting that they have already been the victim of at least one cybersecurity breach, 20 percent still do not conduct regular risk assessments.


In addition, 25 percent of those surveyed said they never conducted penetration testing, while 13 percent said this practice -- which can discover holes in network security before attackers do -- occurs less than once every 12 months.

The industrial Internet of Things (IIoT), through the use of sensors, Internet of Things (IoT) devices, embedded connectivity in control components, and data analytics, can vastly improve industrial processes.

However, the more connectivity you introduce into a network, the more opportunities there may be for cyberattackers to infiltrate such systems. Together with long upgrade cycles commonly found in industry, businesses may be setting themselves up for a cybersecurity incident.

In June this year, Honda was forced to stop production at a manufacturing plant after WannaCry struck internal systems and barely a week later, employees were locked out of Chernobyl's radiation monitoring systems due to a successful Petya ransomware campaign.

It is up to other industrial businesses to learn from these examples and tighten up their own controls to prevent becoming a fresh victim of cybercriminals in the future.

"Decision makers are more aware of threats and some progress has been made to address them, but this report reinforces that cybersecurity fundamentals haven't been adopted by a significant portion of the industrial community," said Jeff Zindel, vice president and general manager of Honeywell Industrial Cyber Security for Critical Infrastructure & IIoT. "In order to take advantage of the tremendous benefits of industrial digital transformation and IIoT, companies must improve their cybersecurity defenses and adapt to the heightened threat landscape now."

See also: Harnessing IoT in the enterprise

According to Honeywell, industrial companies need to take security far more seriously if they are going to lower the risk of successful cyberattacks.

As part of this process, firms should drive best practice adoption across their staff and systems; make industrial cybersecurity part of the discussion in business transformation, instill security at every point in the product cycle and focus on building a structure which brings security solutions and industrial operations together.

The 10 step guide to using Tor to protect your privacy

Previous and related coverage

    Qualcomm: Mesh networking is the future of smart homes

    Qualcomm's Rahul Patel believes mesh networking is critical to the future of home Wi-Fi -- as long as ISPs learn to see its value.

    These four big trends are driving the robotics industry

    The variety is stunning at one of the biggest automation conferences in North America, but these themes are consistent.

    Now, hackers are targeting internet-connected industrial robots

    A new report reveals that industrial robots could easily be hacked.

      Editorial standards