Firms should strike a balance between security and production continuity

Firms should strike a balance between security and production continuity

Some firms `dumping cybersecurity solutions’

01 June 2022

A new report has revealed that 20 per cent of industrial businesses in the Meta (Middle East, Turkey and Africa) region tend to switch off their cybersecurity product if it is affecting their production processes or automation systems.

The report by cybersecurity firm Kaspersky dubbed “Kaspersky ICS Security Survey 2022: The Seven Keys To Improving OT Security Outcomes” also established that 29 per cent of organizations face such problems occasionally and another 59 per cent have dealt with these issues at least once. This can all be traced back to compatibility dilemmas.

“When implementing security solutions in an operational technology environment, it is vital that organizations strike a balance between security and production continuity. Otherwise, unplanned downtime caused by production interruptions can cost companies up to $260,000 per hour, ” the report said.

“Finding this balance can be challenging and can even lead some companies to switch off their protection. For others, a balance exists but it leans to one side,” it added.

As per the report, most respondents in Meta region (80 per cent) prefer changing security settings to find the compromise between security and productivity, while 40 per cent would rather change their production and automation systems to avoid conflict. Another 44 per cent believe the issue lies with the vendor or security provider and prefer to switch providers in order to keep their production processes unaffected.

One possible reason behind companies’ compatibility issues is that their operational technologies (OT) or industrial control systems (ICS) may be out of date and cannot be upgraded. One of the respondents from a high-tech manufacturing firm in North America said: “Our largest issue with our OT and ICS is that the equipment we own isn’t upgradable beyond its current level. The manufacturers don’t offer any type of upgrade to our current systems. We are stuck on outdated platforms that are, and remain, vulnerable”. In fact, according to those surveyed, it is impossible for the average industrial organization to update every sixth (16 per cent) in the Meta region endpoint in their OT network.

“In the past asset owners reasonably assumed that the protection and automation systems responsible for the core business processes of an industrial organization would be left undisturbed throughout the equipment’s lifetime,  – with the possible exception of occasional settings changes,” said Kirill Naboyshchikov, Business Development Manager, Kaspersky Industrial CyberSecurity.

“It was common practice to commission systems as a whole and perform complete retesting and recommissioning if any changes were to be made. However, with the introduction of next generation digital automation systems, there are many instances where this may no longer be the case. Therefore, both general purpose and ultra-specialised computer-based automation systems should be equipped with the following security subsystems and tools and processes: a vendor-approved, centrally managed protection system; permanent vulnerability monitoring and compliance scanning; network intrusion and anomaly detection; and update, patch management and version control,” he added.   

More Stories