The cloud and edge computing have come to the industrial world and they’re here to stay. Whether one thinks that’s a good or bad thing, it’s now inevitable.
These shifts have been accelerated by the enormous expansion in remote workers due to Covid-19 and their many unmanaged or insecurely managed devices, along with the connection of millions more imperfectly managed devices via the Industrial Internet of Things (IIoT).
While the expansion of cloud services can help solve some cybersecurity problems for industrial companies, including the vastly expanded attack surface caused by remote workers, it also spawns new security problems.
In multiple reports from different parts of the cybersecurity industry, data breaches continue to be the top concern in many industries, and flaws in identity and access management (IAM) practices continue to rate among the top avenues for those data breaches.
Despite these reports, and despite the fact that misconfigurations causing security gaps were exploited in two-thirds of attacks reported in a recent cloud security study by Sophos, only a quarter of organizations said a lack of staff expertise is a top concern. Some companies are just not connecting the dots.
More than half of employees working from home do so without new guidelines on how to handle customers’ personally identifiable information (PII), according to an IBM Security study. Yet the study found PII data is exposed in 80 percent of reported security incidents with the most costly consequences. For example, Pfizer reported a huge breach of highly confidential HIPAA-related customer data, stored in automated customer support software on a misconfigured Google Cloud storage bucket.
Our Special Project focuses on vulnerabilities in the industrial cloud, especially for companies with industrial control system (ICS) and operational technology (OT) concerns, and those connected to the IIoT. My introduction explores industrial cloud cybersecurity problems, the consequences for cybersecurity of the shift to cloud, what’s needed to protect the industrial cloud from cyberattacks, what’s currently being done to combat those threats, and what’s not being done yet but should be.
For the rest of this series, please go to EETimes.