Your people are a critical-link in the industrial cyber-security chain

Your people are a critical-link in the industrial cyber-security chain

Author: Neil White, Business Manager

The human factor

Most successful cyber-attacks rely on human fallibility. Authorised users can be tricked into disclosing passwords or installing malicious software using carefully crafted “phishing” emails. Disgruntled employees can be incentivised to pass on access credentials. Old, weak or default passwords can be vulnerable to simple and widely available hacking tools.

Managing and mitigating these risks requires a systematic approach. Is your organisation adopting good practices in each of these six key areas?

Investing in appropriate capabilities

Is your organisation’s dedicated IT security team sized and skilled to manage the complexity and risk level of its system? Do they understand the particular challenges of automation technologies?

Educating and engaging your people

Do all your employees see cyber-security as a personal responsibility? Do they receive regular training in good security? Are your operations personnel ready for a connected world, where a security weakness in one part of the system can create vulnerabilities elsewhere?

Testing your defences

Do you check compliance with security practices by staff involved with industrial automation systems? Do your HR evaluation and review processes cover security training? Are you watching for signs of dissatisfaction or inappropriate behaviour?

Facilitating best practices

Do you give your staff the tools they need to make the right security decisions, like strong password generators or encrypted media? How do you ensure that individuals are given access only to the systems and functions necessary to fulfil their roles?

Learning from bad experiences

Do you have mechanisms in place to systematically review, share and learn from cyber-security failures? How do you communicate new practices across the organisation?

Thinking about the supply chain

How do you assess the cyber-security processes and capabilities of suppliers and partners? Do you include security-related terms in contracts and service agreements?

Your people could be the weakest part of your industrial cyber-security. With the right processes, training and support, they could become is greatest strength. To find out more, contact our cyber team here.

Latest Insights

See all news