The human factor
Most successful cyber-attacks rely on human fallibility. Authorised users can be tricked into disclosing passwords or installing malicious software using carefully crafted “phishing” emails. Disgruntled employees can be incentivised to pass on access credentials. Old, weak or default passwords can be vulnerable to simple and widely available hacking tools.
Managing and mitigating these risks requires a systematic approach. Is your organisation adopting good practices in each of these six key areas?
Investing in appropriate capabilities
Is your organisation’s dedicated IT security team sized and skilled to manage the complexity and risk level of its system? Do they understand the particular challenges of automation technologies?
Educating and engaging your people
Do all your employees see cyber-security as a personal responsibility? Do they receive regular training in good security? Are your operations personnel ready for a connected world, where a security weakness in one part of the system can create vulnerabilities elsewhere?
Testing your defences
Do you check compliance with security practices by staff involved with industrial automation systems? Do your HR evaluation and review processes cover security training? Are you watching for signs of dissatisfaction or inappropriate behaviour?
Facilitating best practices
Do you give your staff the tools they need to make the right security decisions, like strong password generators or encrypted media? How do you ensure that individuals are given access only to the systems and functions necessary to fulfil their roles?
Learning from bad experiences
Do you have mechanisms in place to systematically review, share and learn from cyber-security failures? How do you communicate new practices across the organisation?
Thinking about the supply chain
How do you assess the cyber-security processes and capabilities of suppliers and partners? Do you include security-related terms in contracts and service agreements?
Your people could be the weakest part of your industrial cyber-security. With the right processes, training and support, they could become its greatest strength. To find out more, contact our cyber team here.