Unit 2: Self-directed learning – Cybersecurity in the digitalised world (of work)
Cybersecurity – a challenge and an opportunity
Digital transformation also creates new opportunities for cybercriminals to exploit vulnerabilities in the systems and networks. For example, IoT devices often lack adequate security measures, and can be easily hacked to gain access to sensitive data. Similarly, cloud computing introduces new risks related to data privacy and the security of cloud infrastructure.
The rise of Industry 4.0 and smart factories has led to a greater reliance on digital technologies and connected devices in manufacturing. While these technologies can improve efficiency and productivity, they also create new vulnerabilities and cybersecurity risks. Manufacturers are investing in advanced security technologies such as encryption, firewalls, and intrusion detection systems to protect against cyber-attacks and data breaches.
The Industrial Internet of Things (IIoT), which involves connecting sensors and devices in industrial settings, is becoming increasingly common in manufacturing. This connectivity can help manufacturers monitor equipment and processes in real-time, but it also introduces new cybersecurity risks. Manufacturers are investing in advanced security technologies such as endpoint security, network segmentation, and identity and access management (IAM) to protect against cyber threats.
The digital transformation of manufacturing has also led to greater reliance on global supply chains, which can create new vulnerabilities and cybersecurity risks. Manufacturers are investing in supply chain security technologies such as blockchain, encryption, and data analytics to ensure that their supply chains remain secure and resilient.
Overall, these examples demonstrate how digital transformation is impacting the manufacturing industry and their approach to cybersecurity. By adopting a proactive and strategic approach to security, manufacturers can take advantage of the benefits of digital transformation while also minimizing the risks of cyber-attacks and data breaches.
While large companies usually have the resources to protect their networks from the ever-evolving cyber threat landscape, smaller companies have fewer resources and, consequently, a lower level of security of devices and networks, which makes them easy targets for attackers. In this context, however, it is essential to acknowledge that cyber threats are now dominant among business risks in seven out of eight countries (Hiscox Cyber Readiness Report 2022).
It is important to understand that the cybersecurity sector also presents a great career opportunity, especially when we know that there is a global shortage of cybersecurity professionals and technicians, while attacks, especially with the digitalisation of all spheres of society, are constantly on the rise.
“The cybersecurity workforce has reached an all-time high, with an estimated 4.7 million professionals, but there’s still a global shortage of 3.4 million workers in this field, according to the 2022 (ISC)2 Cybersecurity Workforce Study released Thursday.”
“Attacks intensify 48% of companies reported a cyber-attack in the past 12 months, up from 43% last year.”
The Ponemon Institute (2019) identifies three key cybersecurity challenges that SMEs face.
Firstly, many SMEs do not have the financial resources to implement standard safety measures. Large companies, for example, implement regular testing by hiring “ethical hackers” outside their organisation to perform fake attacks in a controlled environment (application penetration tests and system security reviews). Although this type of testing helps identify vulnerabilities, it is simply too expensive for many companies and organisations.
The following challenge, closely related to the (lack of) financial resources, is the lack of insufficient skilled cybersecurity staff. Often teams or individuals responsible for IT in a company or an organisation do not have the capacity or knowledge to conduct thorough cybersecurity assessments. Attackers, who seem to be getting more skilled and numerous every year, are aware of this and exploit this weakness by launching sophisticated attacks that are difficult for less experienced teams to defend against.
The third identified challenge relates to the complexity of the field of Cybersecurity. Supply chains are getting longer and more complex – e.g., when moving small and medium-sized companies to the cloud, security teams that lack experience and knowledge face even more difficult challenges of operating in a hybrid environment. Attackers adapt their tactics and often attack a weak point in the chain (usually the seller) and thus can penetrate a larger company with more robust security.
How to protect ourselves?
Targeted attacks on smaller companies have been increasing for several years (Hiscox Cyber Readiness Report 2021). However, more than half of all cyber-attacks target SMEs, which significantly impact their business – from loss of money, reputational damage, and loss of customers to difficulties in winning new employees. Furthermore, especially in times of pandemic when many businesses have had to accelerate their digital transformation.
With the digitalisation of their organisation and processes to survive, SMEs that are neither aware nor trained in cyber security have become even more vulnerable overnight to the increased threat of cyber-attacks. Yet, despite this, 68% of SMEs still do not have a systematic approach to ensuring Cybersecurity in the enterprise (Ponemon Institute, 2019), believing they are too small to be attacked, unattractive to cyber attackers, and do not perceive the threat as accurate.
Even if your company does not have the financial, human, organisational or other resources- or capacity, protection can start by raising awareness and going through at least some free training. These can help to raise the level of understanding throughout the company or organisation.
Among the variety of advice available, we highlight a set summarising the essential steps on the way to protect yourself, your organisation or your company and preventing the potentially severe consequences of a cyber-attack:
- a properly installed and managed firewall;
- regular software updates;
- security incident recognition processes in place;
- security incident response processes in place;
- practical training for staff (as no technology can offer complete protection!).
The following AWARE modules will dive into the different types of threats, targeting not only the (industrial) systems but individuals, even in the most advanced companies. More detailed tips on how to be less vulnerable and prevent and protect yourselves in your private life or your organisation/school/workplace will be provided.