The number of companies in which the individual production stages are intelligently networked is constantly increasing in the age of IIoT. To ensure secure processes, security measures that do not neglect any primary activity in the value chain are essential. Lars Zywietz, Managing Director at Accenture Security, explains the background.

Are German companies adequately prepared for potential cyber attacks and are their protective measures sufficient?

Zywietz: In recent months in particular, we have seen that a large number of German companies have been confronted with cyber attacks. Some have adapted to this specific threat situation and introduced appropriate security measures. However, with the changing threat scenarios and attack vectors, the corresponding defense strategies must be reviewed and possibly adapted. A study on cyber resilience has shown that 13 percent of German manufacturing companies are mastering this challenge much more successfully than their competitors. This is primarily reflected in the following three areas:

a. Identifying cyber attacks more quickly

b. Better addressing the effects of cyber attacks

c. Stopping new cyber attacks

Conversely, for many companies this means that additional measures are necessary in order to adequately protect the value chain from future cyberattacks.

Regardless of the budget, which three security measures should companies implement to protect themselves from cyber attacks?

Zywietz: First of all, it is important for every company to understand what exactly needs to be protected, which threat scenarios it is exposed to and which protective measures have already been effectively implemented in the company. It helps to look at the respective value chain: Which critical data along the value chain needs to be protected? Is system access by employees, business partners and customers secured? Have protective measures been established beyond IT, i.e. for production facilities and intelligent, networked products?

I recommend that companies take the following measures as a guide:

"Get the basics right" - First of all, this includes a sufficient understanding of security at all levels of the company, but also effective security processes that cover data and systems along the entire value chain.

Use of new technologies - With an increasing attack surface for cyber attacks, intelligent products are needed to recognize and defend against the growing number of security-relevant scenarios.

Adaptive security - The year has shown that many industrial companies have adapted their production to the pandemic at short notice. This necessary agility will certainly continue and will also have an impact on the respective cybersecurity strategy. If employees suddenly no longer access critical data from their own offices but from home, then protection mechanisms are needed that can support and evaluate these changed access scenarios.

Keyword security as a service: should the manufacturing and process industry consider managed security services?

Zywietz: As with all important corporate functions, the question of cybersecurity is of course "make or buy?" - and the same decision criteria apply. We see a hybrid approach as a promising model here. With increasing digitalization, especially with regard to intelligent and networked production processes, security makes a critical contribution to trouble-free production operations. Due to this strategic importance, security must be firmly anchored in the company. However, in order to be able to focus on company-specific issues, it can make sense to make use of the support of established managed security providers. This is especially true when it comes to quickly and efficiently setting up important defense mechanisms.