A new report has revealed that 20 per cent of industrial businesses across META tend to switch off their cybersecurity product if it is affecting their production processes or automation systems.
The report by cybersecurity firm Kaspersky dubbed “Kaspersky ICS Security Survey 2022: The Seven Keys To Improving OT Security Outcomes also established that 29 per cent of META organisations face such problems occasionally and another 59 per cent have dealt with these issues at least once. This can all be traced back to compatibility dilemmas.
“When implementing security solutions in an operational technology environment, it is vital that organisations strike a balance between security and production continuity. Otherwise, unplanned downtime caused by production interruptions can cost companies up to $260,000 per hour, according to some estimations,” the report says adding, “finding this balance can be challenging and can even lead some companies to switch off their protection. For others, a balance exists but it leans to one side”
The report established that most respondents from the META region (80 per cent) prefer changing security settings to find the compromise between security and productivity, while 40 per cent would rather change their production and automation systems to avoid conflict. Globally, 44 per cent of respondents believe the issue lies with the vendor or security provider and prefer to switch providers in order to keep their production processes unaffected.
According to the report, one possible reason behind companies’ compatibility issues is that their operational technologies (OT) or industrial control systems (ICS) may be out of date and cannot be upgraded.
It established that it is impossible for the average industrial organisation in the META region to update every sixth (16 per cent) endpoint in their OT network.
The report recommends that organisations:
- Adopt essential cybersecurity practices for OT/ICS security, such as network segmentation and access control, and regularly perform security audits or penetration testing to reveal any critical security gaps.
- Improve general security awareness across employees to minimise the risk of attacks due to human error. Boosting security skills across OT engineers with specialised courses can make their protection efforts more effective.
- Utilise a threat intelligence service with vulnerability databases for industrial control systems (ICS).