Contributed by Ilan Barda, CEO of Radiflow
Predictions for Industrial Cybersecurity in 2020
During the course of 2020, there will be major changes to the industrial cybersecurity strategies employed by industrial enterprises, especially in the manufacturing sector, as well as critical infrastructure operators and relevant government organizations.
These strategy changes will be clearly in response to the rise in cyberattacks targeted at industrial automation networks that have occurred over the past number of years.
At the same time, more industrial organizations are advancing with their plans for wider automation as well as their use of new IoT and AI technologies to gain operational and business benefits. This subsequent increase in connectivity on OT networks and the use of process-control software has elevated the exposure of industrial enterprises to cybersecurity vulnerabilities and has significantly enlarged the attack surfaces on industrial automation networks.
Based on these trends, here are some of our predictions for the industrial cybersecurity space as we start 2020:
Process manufacturing will become the fastest growing segment for OT cybersecurity adaption
Connected OT operations and the business and operational benefits it brings has become a reality for industrial enterprises as well as essential service providers. As cyberattacks occur more frequently and on a wider scale, security executives have understood that the previous notion of air gapping infrastructure is no longer sufficient.
The demand for dedicated industrial cybersecurity solutions will continue to grow not only from regulated industrial organizations and large manufacturers, but also strongly from small to medium sized manufacturers that previously overlooked cybersecurity.
Human resource limitations will boost the demand and adoption of OT MSSP cybersecurity services
There is a clear shortage of trained cybersecurity professionals with the required experience to manage and protect industrial control systems and operational technology networks. As a result, there will be an increased demand going forward for managed and outsourced cybersecurity services from industrial enterprises.
The adoption of MSSP cybersecurity dedicated to OT will accelerate most rapidly among small to medium sized manufactures that lack the human resources and budgets to properly handle their cybersecurity requirements internally.
Industrial cybersecurity strategies will become business-driven and risk-oriented
The current approach to industrial cybersecurity strategies focuses on visibility, hygiene and threat monitoring. While these are certainly important elements of any cybersecurity strategy, the outcome of risk assessment processes is an overload of unprioritized vulnerabilities that can overwhelm any security team. As a result, today security analysts are wasting valuable time and limited resources fixing problems that have little impact on critical systems and operations, while not addressing more dangerous vulnerabilities.
Because of this, there will be an increasing shift in industrial cybersecurity strategies towards becoming more business-driven and risk-oriented. As such, monitoring activities must operate in a framework that provides the prioritization of threats, vulnerabilities and mitigation measures. The prioritization of remediation efforts must take into consideration the business processes of the industrial enterprise and the impact of each vulnerability on its potential to interrupt business processes.