The greatest dangers are infections with malware, blackmail using Trojans or ransomware, intrusions via remote maintenance access and, last but not least, human error.

This is one of the findings of the VDE Tec Report 2018, a survey conducted by the technology association VDE among its 1,350 member companies and universities in the electrical engineering and information technology sector. "Production companies need state-of-the-art, highly flexible IT security measures in order to fully exploit the benefits of Industry 4.0, such as efficiency gains, more flexible production or localized production on demand," said VDE CEO Ansgar Hinz at the Hannover Messe. In the survey, 68 percent of respondents stated that infection with malware is the greatest threat to Industry 4.0. Malware gives criminal hackers the opportunity to steal individual IP, i.e. sensitive product and production data, undetected, sabotage production or blackmail the company. Every second company says that blackmail using Trojans or ransomware in particular is a threat.

Remote maintenance and network components harbor dangers
Almost half of companies and universities (49%) consider "intrusions" via remote maintenance access to be a serious threat. Remote maintenance (remote monitoring & predictive maintenance) is one of the most important service offerings based on globally networked equipment and systems. However, other interfaces to the internet also pose a threat to industry. 45% of respondents see attacks on inadequately protected network components as a threat and 45% also fear attacks on control components that are connected to the internet. "Networked production facilities must be secured with technical, organizational and personnel protection measures, i.e. systemic IT security," emphasized Hinz. Around one in three companies fear attacks via the company network and one in four fear unauthorized access to IT resources, DDoS attacks or targeted sabotage. Last but not least, people in the system are a significant risk factor: 59% consider human error to be a threat to IT security.

Security deficits open the door to criminal hackers
According to the results of the survey, four out of ten companies and universities have already been affected by cyber attacks. Another four out of ten respondents do not know whether they have been attacked. "The VDE assumes that the number of companies and universities affected is very high," said Hinz. The companies and universities surveyed cited security deficits in their own organization as the reason for successful cyber attacks. 75 percent say that employees lack awareness of the risk of cyber attacks. This is also due to a lack of education on the part of employers: 30 percent state that employees do not receive sufficient and systematic training on IT security issues. However, technical and organizational reasons also play a role. A good one in two people criticize the fact that IT attacks are noticed too late or not at all. And 45 percent say that IT systems are not adequately protected and cannot withstand attacks. "If cyber attacks are not detected quickly, cyber criminals have an easy time gaining a foothold in companies' IT systems, siphoning off data or manipulating it," explained Hinz. According to the survey, one fundamental problem is that organizations still see cyber security as a cost driver rather than a necessity. Almost one in three respondents agreed with this statement. "Systemic cyber security must be an integral part of every company's management task," added Hinz.

Clear majority want to increase investment in cyber security
In the survey, 61% of companies and universities stated that they want to increase their investment in defending against cyber attacks. However, many organizations are apparently reaching their limits in view of the increasing complexity of the issue: 79% of respondents are convinced that many companies are overstretched financially and in terms of personnel due to the growing demands on IT security.