A recent Kaspersky report titled “State of Industrial Cybersecurity in the Era of Digitalization” has revealed the main barriers that inhibit or delay implementation of industrial cybersecurity projects.
The most common obstacles include the inability to stop production (34%), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). These barriers may become a critical point in light of Covid-19 because they can affect the implementation of pandemic-driven operational technology (OT) security initiatives.
Every year many incidents, including high-profile attacks, are hitting industrial control systems (ICS), the report said, with the pandemic lockdown introducing its own challenges in addition to the existing threat landscape.
The report said industrial firms have to adapt to new norms including remote work, overnight digitalization and new hygiene requirements, as well as specific pandemic-driven threats such as a massive growth in phishing attacks.
Organizations, it said, need to make sure their protection is up to date with these changes and there are no open doors for malicious actions in ICS networks.
The above barriers, however, are what organizations will have to overcome when implementing cybersecurity projects. Remarkably, most of them refer to bureaucratic rather than technical obstacles – in total, almost half of organizations (46%) face red tape delays.
In addition to the most prevalent – long approval times and numerous decision-makers – these barriers include protracted supplier selection and purchasing processes, as well as interference from other departments.
These barriers may become even more critical in the current post-lockdown period. The survey revealed that almost half of organizations (46%) expect to see changes in their OT security priorities as a result of the pandemic. These organizations will probably need to shift their security strategy on-the-fly and quickly implement new cybersecurity practices.
While it can be challenging generally, due to the specific requirements of OT, the barriers for implementation can complicate and slow down the process even more. Some organizations will need to be even more conscious as they try to overcome these difficulties with decreased OT security budgets (24%).
“It’s always more difficult to invest money and resources in projects without a clear return on investment, such as with cybersecurity initiatives. And while cybersecurity for OT is still a developing area, all these management barriers are quite natural,” commented Georgy Shebuldaev, head of growth center at Kaspersky.