Many manufacturers must either be in denial or simply complacent over the security of their IT infrastructures, if the findings of a recent survey by cyber security specialist Lancope are to be believed.
It found nearly two thirds (65%) of organisations stating that they had experienced no security incidents over the last 12-18 months or were unsure whether they had or not.
What's more, more than a third (38%) claimed that recent security incidents had resulted in zero impact on their organisations. And these respondents ought to know: 45% were security directors or managers; 42% were security engineers or analysts; and only 13% were categorised as company executives.
Can any of this be right? Looking at the survey's other highlights, there are no surprises at all: more than 50% see BYOD (bring your own device) policies as among the greatest risks; 32% see other insider threats as a top problem; and 43% view 'monitoring user activity' and 'not having a single view' to be key network security challenges.
Lancope's director of security research Tom Cross is understandably convinced that something is badly awry here. As he puts it: "Any system you connect to the internet is going to be targeted by attackers very quickly thereafter. I would assert that if you're unsure whether or not your organisation has had a security incident, the chances are very high that the answer is 'yes'."
The points are surely obvious? Every organisation, without exception, needs to know whether or not it has been subject to a security breach. No one can afford a false sense of security. The consequences of ignorance are potentially the most damaging, in terms of IP theft and the brand damage at the very least.
Common business sense also tells us we should all be maximising protection upfront to prevent disruptive breaches – and then ensuring vigilance by subscribing to the well-known IT security products and services designed to detect and block the range of evolving attack vectors. Additionally, particularly (but certainly not only) where BYOD is encouraged, it is clearly in all companies' interests to ensure that network activity is monitored. And that policies and systems are in place, not only to block proscribed locations and actions, but also to authenticate individuals.
Incidentally, the same applies to products sold with internet access. Earlier this year, a security loophole was identified in one unnamed manufacturer's mini CHP (combined heat and power) system that left it wide open to hackers. Today, the big concern is cars and planes, not just industrial systems. It's a dangerous world out there.