Kaspersky: the state of industrial cybersecurity in 2020
For Kaspersky, 2020 was a special year for surveying; the COVID-19 pandemic and subsequent industry lockdowns opened up industrial cybersecurity for brand new challenges that it hadn’t previously faced. Some existing cybersecurity methods were strained, and industry experts have been quick to identify the majority of weak points exposed. Many industrial companies now have a very simple, but vital question: ‘How must the cybersecurity maturity model be adapted to provide effective protection in the digital age?’
The Key Findings Of The Report
The report also brings to light the question of how industrial control systems (ICS) cybersecurity drivers dealt with threat challenges during the pandemic. This has been brought up because ICS and the automation components used within them haven’t ever been considered as a security risk historically; any faults found were often related to defects in the hardware and software. However, as the world becomes increasingly digital, and the Internet of Things (IoT) interconnects more and more components, physical assets can now be targeted for manipulation, and even destruction by cyberattacks and criminal organisations─who are ceasing this development as an opportunity to exploit ICS as a business model.
With that in mind, Kaspersky suggests that it is time for industrial control system users to invest in with “new, modern security methods to detect attacks and initiate countermeasures”.
As we already know, the majority of businesses have changed the way that they operate during the pandemic ─ primarily, to a ‘work from home’ format. According to the report, 53% of respondents have been operating with a remote workforce, which was a stress test for cybersecurity processes. Due to this, 14% revised their cybersecurity concepts, and only 7% found that their existing models and strategies were up to the task of protecting their remote workers. For those who didn’t have sufficient cybersecurity plans, they realised that “they need to supplement [the] procedures during exceptional circumstances.”
ICS Cybersecurity Drivers
Due to the complexity of ICS, in the majority of organisations today, all budgets are decided by interdisciplinary teams. Kaspersky advises that the “best way to find suitable protection measures is to consult experts from different fields”, including specialists in IT, ICS, safety, and production. 67% of the respondents reported that a team of experts akin to this is growing increasingly popular and influential in the decision-making process surrounding cybersecurity in their own firms.
Many of the companies involved in the report stated that they “expect certain benefits from digitisation”, including improved efficiency in the workplace. This is to be expected, given that human and tech augmentation is explicitly designed to up the ante, and it’s entirely plausible. However, as interconnected devices influence the operational technology (OT) topology, the ICS cybersecurity maturity models that they rely on need to be updated too. “55% of respondents confirmed that their OT networks are checked for security issues at least once a year or more often”, while 44% focus on cybersecurity initiatives daily during their digital transformations.
These figures suggest that the important principles for basic cybersecurity protection are pretty much in place, but that there still needs to be a degree of education and implementation over the coming years, to ensure that all industrial organisations have sufficient cybersecurity to ward off any potential threats in an increasingly dangerous world.
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”