MARKET | Sep 26, 2019

13 things that companies need to know about Cybersecurity

Although perceived as a priority, companies still invest little in computer security: a checklist for companies drawn from the Engineering White Paper.

According to State of Industrial Cybersecurity 2019, recently published by Kaspersky, industrial institutions are looking with increasing interest at the opportunities of digitizing their operational networks and introducing IoT, although they feel the need to improve the defense of their security perimeter. Almost half of the companies surveyed (41%) declared they were ready to connect their OT/ICS networks to the Cloud, resorting to preventive maintenance policies or to simulations via Digital Twin. In this context, the Cybersecurity of OT/ICS systems becomes a priority for 87% of the institutions involved in the study.

Although the importance of security for safeguarding company data is recognized, the Kaspersky study shows that just over half of the companies surveyed (57%) declare that they allocate a budget to Cybersecurity.

The reason for this attention is soon told: according to The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024 by Juniper Research, attacks will increase by almost 70% over the next five years and will cause an increase in the cost of data breaches, which will rise from three trillion dollars a year to over five trillion in 2024, with an average annual growth of 11%.

What is the approach required to safeguard industries and businesses?

The approach to Cybersecurity, reads Engineering’s White Paper, must be “multidimensional, transversal to various sectors and able to put in place skills based on technologies which combine proven techniques of threat detection (whether known or not) with advanced security features. Thus, every approach to Cybersecurity must be integrated with the knowledge and processes already present in the company, to ensure protection which is completely aligned with the other activities”.

Technical interventions are therefore necessary, but they must be accompanied by projects aimed at increasing employee awareness of Cybersecurity.

What are the 13 things that a company must be clear about?

  1. Cybersecurity is not just about technology; it is a strategy to all intents and purposes
  2. Be aware of how the company works and do not allow anyone else to define what is important to protect
  3. Make people part of the Cybersecurity strategy
  4. Perform a 360° analysis of the most important assets and keep this updated
  5. Assets cover everything that is fundamental: buildings, vehicles, computers, networks but also trade secrets, marketing plans, pricing strategies
  6. Discover the cascading effects of asset damage: how quickly can it spread? Where will it stop?
  7. Invest in security awareness: train staff, work with customers and partners
  8. Prepare for cyber-attacks by means of expert support, communication plans, asset isolation, redundant processes
  9. Manage the identities of system users, remembering that identity information is everywhere, keeping pace with regulatory changes, implementing dynamic controls
  10. Share and verify European and global trends: understand how performance is going, set annual goals to improve Cybersecurity
  11. Consider Cybersecurity a tool of Digital Transformation, make it a part of the business growth strategy
  12. Set a target on reporting delays, analyze how it is improving, compare it with trends to understand the level of performance
  13. Choose solution and service providers by using clear criteria which guarantee constant consistency of the means used