Going safely into the brave new world of 4IR

1 August 2019 Industrial (Industry), Information Security

The Fourth Industrial Revolution (4IR) is changing the world as we know it, and South Africa is pinning its growth ambitions on a 4IR-enabled economy. But 4IR adoption without putting cyber-safety first could undermine growth efforts and expand the risks to manufacturing, heavy industry and key infrastructure, warns GECI.

GECI, a specialist in industrial cybersecurity, says key infrastructure, manufacturing and heavy industry are potentially at greater cyber-risk than knowledge-based enterprises.

“Industries such as finance, telecoms, healthcare and retail are typically mature in terms of the digitisation journey, and usually have advanced and comprehensive cybersecurity measures in place,” says Mike Bergen, director of GECI International: Middle East and Africa. “In contrast, industrial and key infrastructure facilities are often running older operations technologies (OT) in siloes and not connected to the organisations’ IT systems.

“For years, they have been at limited risk of cyber-attack. However, as they digitise and start moving into a 4IR environment, these OTs will become connected to the Internet and integrated into the enterprise IT environment, quickly expanding their risk exposure.”

This risk is compounded by the fact that industrial sites tend to neglect basic information security measures in their existing environments. International OT cybersecurity solutions developer CyberX’s 2019 Global ICS & IIoT Risk Report found vulnerabilities and flaws in basic cybersecurity at industrial sites around the world:

* 53% of industrial sites used outdated Windows systems.

* 57% were not running anti-virus software that updated signatures automatically.

* 69% had passwords traversing the network in plain-text.

* The ‘air gap’ is a myth, as 40% of industrial sites had at least one direct connection to the Internet.

* 84% had at least one remotely accessible device.

* 16% of sites had at least one wireless access point.

Cyber criminals are already exploiting these vulnerabilities, costing companies millions in ransoms and other damages, Bergen says. “Research has found that virtually all industrial organisations have come under some form of cyber-attack in the past few years. These attacks range from malware and ransomware attacks to targeted attacks designed to sabotage operations or steal sensitive data.

“The losses caused by successful attacks extend from actual theft and ransoms, through to production downtime, safety risks, reputational damage and potential fines in the event of a failure to deliver critical services or due to sensitive information breaches.”

The more connected these organisations become, the greater their risk footprint. However, this does not mean the industrial sector should not advance into the 4IR. Bergen says: “Digitisation and technological progress helps overcome several common challenges in the industrial and manufacturing sectors – it improves throughput, efficiency and profitability, by achieving performance enhancement and resource efficiency through data acquisition and real-time analytics.

“Improved efficiencies help free up investment funds to support modern manufacturing innovation, rapid product iteration and customisation. Importantly, industrial safety can be enhanced by technologies such as better analytics and automation of dangerous tasks through robotics, cobotics and the digital workforce.”

He cites a McKinsey September 2018 white paper, which found “manufacturing digitisation could boost heavy industry profit margins by three to five points”.

Says Bergen: “Nobody can afford to ignore 4IR progress. But companies wishing to move into the 4IR have to build cybersecurity into their strategies and systems from the ground up in both IT and OT environments, to counter the growing cyber-risks facing them.”

GECI provides CyberX in South Africa. The CyberX solution delivers an industrial cybersecurity platform built by blue-team military cyber-experts with nation-state expertise defending critical infrastructure. CyberX delivers advanced OT asset discovery and visualisation, detects vulnerabilities and advanced known and unknown threats within seconds, prioritises and recommends actions to be taken to rectify vulnerabilities and threats, monitors continuously, providing alerts in real time, protecting critical IT and OT infrastructure against cyber-attacks, and automating Security Operations Centre (SOC) workflows.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cybersecurity and AI
AI & Data Analytics Information Security
Cybersecurity is one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible with tools such as SIEM and endpoint protection platforms.

Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

The CIPC hack has potentially serious consequences
Editor's Choice Information Security
A cyber breach at the South African Companies and Intellectual Property Commission (CIPC) has put millions of companies at risk. The organisation holds a vast database of registration details, including sensitive data like ID numbers, addresses, and contact information.

AI augmentation in security software and the resistance to IT
Security Services & Risk Management Information Security
The integration of AI technology into security software has been met with resistance. In this, the first in a series of two articles, Paul Meyer explores the challenges and obstacles that must be overcome to empower AI-enabled, human-centric decision-making.

Milestone Systems joins CVE programme
Milestone Systems News & Events Information Security
Milestone Systems has partnered with the Common Vulnerability and Exposures (CVE) Programme as a CVE Numbering Authority (CNA), to assist the programme to find, describe, and catalogue known cybersecurity issues.

Access & identity expectations for 2024
Technews Publishing IDEMIA ZKTeco Gallagher Salto Systems Africa Regal Distributors SA Reditron Editor's Choice Access Control & Identity Management Information Security AI & Data Analytics
What does 2024 have in store for the access and identity industry? SMART Security Solutions asked several industry players for their brief thoughts on what they expect this year.

Zero Trust and user fatigue
Access Control & Identity Management Information Security
Paul Meyer, Security Solutions Executive, iOCO OpenText, says implementing Zero Trust and enforcing it can create user fatigue, which only leads to carelessness and a couldn’t care attitude.

Passwordless, unphishable web browsers
Access Control & Identity Management Information Security
Passkey technology is proving to be an easily deployed way to bring unphishable, biometric-based security to browsers; making identification and authentication much more secure and reliable for all parties.

Practical guide to protect data privacy
Training & Education Information Security
The Data Privacy Toolkit, reflecting the evolving landscape of data privacy, includes guidelines and recommendations to safeguard sensitive information crucial for protecting sensitive information from malicious actors.