Three questions for... NetModule

Tiffany Dinges,

"Alarming increase in cyber attacks"

Due to protective measures in connection with Covid-19, the establishment of home office workplaces is experiencing a rapid boost this year. Benjamin Amsler explains in the Security Special that a sensitive approach to cloud solutions is not only necessary at this point.

© NetModule

When companies are faced with the decision to invest in IIoT devices and interfaces, proven certifications and security standards of the products are an important criterion. As Director Engineering and CTO of NetModule, one of Benjamin Amsler's priorities is to equip the company's communication products for M2M and IoT with all the necessary security functionalities. In the interview, Amsler describes what is important with regard to industrial use and what conclusions he draws from current study results.

Are German companies adequately prepared for potential cyber attacks and are their protective measures sufficient?

Amsler: According to the Hiscox Cyber Readiness Report 2020, a trend can be observed that companies are protecting themselves more and more effectively against cyber attacks (the number of companies affected by attacks fell from 61% to 39% for the first time in 2020 compared to the previous year), but at the same time the costs per attack are rising massively (from EUR 9,000 in 2019 to EUR 52,000 in 2020). This increase in costs is partly due to the fact that ransom money is increasingly being paid in connection with ransomware in order to avoid jeopardizing the company's reputation and operations.

This corresponds to a trend towards the professionalization of cyberattacks, both among attackers and defenders. This is probably also linked to a shift in attacks to energy and manufacturing, as these sectors are obviously lucrative targets:

  • High levels of automation
  • Large-scale impact in the event of outages
  • Low level of cyber resilience

The above-average costs per attack and the mediocre number of well-prepared "cyber expert companies" of 17% show that Germany has some catching up to do.

However, attention must be paid to the networking of industrial plants with the cloud, where Germany is rather traditional with only 16% (internationally it is 42% according to the Kaspersky ICS Report 2019). If networking also increases in Germany, an increase in cyberattacks is likely. The big challenge is to continue to drive forward both the expansion of digitalization and protection against cyberattacks, as both are essential for a company's success.

Regardless of the budget, which three security measures should companies implement to protect themselves from cyber attacks?

Amsler: The key requirements are training and raising employee awareness in order to avoid unintentional incidents. This is particularly important due to the enormous increase in home office workplaces as a result of Covid-19.

When networking industrial plants using IIoT devices, OT (Operational Technology) security should be given a high priority, as IIoT devices are often in use for much longer than IT hardware. Regular firmware updates are essential for devices that are accessible from the outside, as security vulnerabilities in operating systems and libraries inevitably become known over longer periods of time.

This means that it pays to use devices from manufacturers who are aware of their responsibility and whose products meet the relevant security and quality standards.

Keyword security as a service: should the manufacturing and process industry consider managed security services?

Amsler: I don't see any alternatives for small and medium-sized companies, as there are not enough ICS (Industrial Control Systems) security specialists available and it will hardly be possible for SMEs to keep up with the increasingly complex systems.

Due to the increasing merging of IT and OT systems, a holistic approach is required. I assume that Managed Security Service (MSS) providers will respond to this and that there will be an increasing number of comprehensive service offerings. When selecting a provider, you should ensure that they are familiar with your domain and are familiar with the relevant best practices and standards.

Be aware that the international MSS market experienced 45% growth in 2019 and is characterized by a lot of restructuring. So evaluate the partner and products carefully, because should a cyberattack actually occur, a solid basis of trust is essential.

Advertisement
  • Xing Icon
  • LinkedIn Icon
Advertisement
Advertisement

You might also be interested in

Advertisement
Advertisement
Advertisement
Advertisement

Imperva

The cybersecurity year 2021

The coronavirus pandemic will largely define the cybersecurity year 2021, according to the predictions of Imperva's security experts. Cyber criminals are benefiting from the uncertain and challenging situation for companies.

read more...
Advertisement
Advertisement
Advertisement
Subscribe to our newsletter
Advertisement
Back to home