A production system must not fail under any circumstances!

Not even when security updates are installed. In practice, this often means that updates are put on the back burner or not installed at all. But that is precisely how companies risk a successful cyberattack, and with it their availability.

Until a few years ago, cyber security for production facilities was still a marginal topic. The threats seemed too abstract and theoretical, so manufacturers didn't bother with them. This changed abruptly when several hacker attacks became known. These attacks now also targeted automation systems and production facilities, where they can ultimately result in high losses. In addition, production systems are increasingly networked (MDA) and therefore vulnerable to attack.

Prevent in good time

Increasing digital networking increases efficiency, but also the attack surface for cyber criminals. What can you as an industrial company do about this?

Make IT security a matter for the boss

  • The final responsibility for IT security should lie with the management. Otherwise, the IT manager will lack the necessary backing in an emergency. IT security objectives and responsibilities must be clearly and unambiguously defined in a security concept. This applies to both the office and production areas. Important: This is a "living" concept that is regularly reviewed, tested and updated.
  • Implement emergency management: A well thought-out IT emergency management system is essential in order to respond quickly to incidents. The emergency plan defines both technical and organizational measures: for example, which incidents are to be reported to whom and who has to do what in the event of a cyber attack. You should also create restart plans and, once operations have been restored, investigate the causes and evaluate the incident.
  • Technical protective measures in production: Technical protective measures are particularly important in a production environment. To secure the machines and systems, you should divide the entire production IT network into separate security cells and protect each of these separately. Such well thought-out network segmentation prevents the entire production from being affected in the event of a hacker attack. 
  • Access protection and employee awareness: Most IT security incidents are still caused by employees. It is therefore essential that you ensure meticulous authorization and password management and secure all access and interfaces. All users should only have the rights that they absolutely need.
  • Control remote maintenance: External access to production IT is a critical process. All remote maintenance access should therefore be technically and organizationally secured (e.g. with regular checks by an external, proactive security tool). Access should only take place via secure connections (VPN) and protocols. Avoid access to larger network areas and only allow targeted access to selected components within fixed time windows.

The threat situation in the area of cybercrime particularly affects machine and plant manufacturers due to increasing networking. Companies should invest in their IT/OT security on an ongoing basis wherever possible - and comprehensively safeguard against residual risks. 

Our proactive security tool DEFENDERBOX scans and pentests all detectable devices in your IT infrastructure, including production facilities and VPN access, to identify any security gaps and vulnerabilities.

What does the IT security of your production systems look like? Use our test installation and find out!



Do you want to know how secure your company is? Try it out! Click here for a test installation of DEFENDERBOX.
The trial offer is valid until 30 September 2024.
