Cybersecurity
Learning from KRITIS companies
Many companies find it difficult to establish efficient cyber security structures for various reasons. This is the result of a study commissioned by Secunet. Guidelines for cyber security can be derived from the approach of critical infrastructure institutions (KRITIS).
Business processes are not only becoming more complex, they are also becoming more digital. Communication between machines is now the rule rather than the exception. The problem: growing demands on cyber security are overwhelming many companies. According to the study "IoT - but secure. Secure infrastructures in a networked world", conducted by the research and analyst firm Techconsult on behalf of Secunet, companies in Germany see data protection (43%) and security concerns (36%), a lack of expertise (38%) and integration into the existing IT infrastructure (36%) as the biggest hurdles when implementing IoT projects. Almost half (46%) also stated that they did not have sufficient expertise, while 38% simply lacked the necessary specialist staff.
As a result, many companies are not investing enough in cyber security, which can have serious consequences in the event of a cyberattack. The German government has now recognized this and created modern guidelines for IT security with the IT Security Act 2.0. It offers companies guidance - regardless of whether they are legally affected or not.
Not mandatory, but a role model for the industry
Since 2015, the IT Security Act (IT-SiG) has formed the basis for protection against cyberattacks for operators of critical infrastructure in the energy, water, food, information technology and telecommunications, transportation and health sectors. The municipal waste disposal sector and companies of special public interest, including Germany's economically strongest companies, are also affected by the amendment. The guidelines defined therein serve to prevent damage by obliging companies that are essential to the functioning of society to structurally modernize their cybersecurity concepts. Starting with a well thought-out network structure that takes risks into account from the outset, this also includes a systematic organization of network access and suitable means of detecting attacks at an early stage.
These are all issues and challenges that are also familiar to industry. After all, the advancing automation and machine communication in the Industrial Internet of Things (IIoT) also place high demands on cyber security here. However, medium-sized companies in particular often lack the expertise and support to be prepared and react quickly in the event of damage. For this reason, too few or even no measures are taken in many cases. In the event of damage, insurance often does not help, as it requires a basic level of security, which usually includes the installation of an up-to-date firewall, regular data backups, individual access for employees and regular password changes.
Yet comprehensive IT security would be particularly relevant for small companies: According to a Techconsult study, almost 30% of companies with fewer than 999 employees were targeted by cyber criminals in 2021.
Advantages of structured cyber security
Even if companies in the industrial sector are not subject to the statutory regulations, they should still be guided by the applicable standards that have been established since 2015. This offers several advantages:
Effectiveness:
The measures implemented are transparent, measurable and tried and tested. They are based on the experience of companies that have made targeted improvements to their security concepts over the course of several years.
Planning capability:
The measures are structured for several years and build on each other so that companies can define budgets at an early stage and make binding plans. This puts an end to unforeseen costs and "bottomless pits".
Insurability:
Cyber security measures serve to minimize risk, but cannot offer 100% protection. Cyber insurance is therefore worthwhile in the event of damage. However, this only applies if certain minimum standards, such as established best practices and legal requirements, are adhered to.
How do I secure my company?
What should industrial companies do now? The basis for cyber security is an analysis of the current situation. This can be used to derive sensible action plans, as there is no universal guide to IT security. As an IT security partner of the Federal Republic of Germany, Secunet advises companies on all aspects of cyber security and supports them in implementing a professional and individual security infrastructure. The process has three steps. First, existing systems, including outdated legacy devices, are recorded in full, and new requirements are identified on that basis. In the next step, the appropriate measures are defined and implemented in order to securely network the systems; this can also take the form of a retrofit of existing machines and systems. Finally, the transmission paths are secured and routes via the internet are replaced by connections to private or hybrid clouds, for example.
These are three important steps to secure your own business and make it fit for the future. In view of the growing importance of data-supported process analysis and optimization as well as the networking of devices and machines in the IIoT, a secure and reliable IT infrastructure is essential for a company's success.










