Cybersecurity Extremely Important in Modern Industrial Plants

The absence of a cybersecurity policy means exposing the company and its business to great risk, and even a minor cyber attack can seriously damage the system and should not be underestimated, Stefan Woronka, Siemens' security expert, said in an interview with ICTbusiness.info. He added that in the entire cybersecurity chain, often people are the weakest link.

To prevent this, it is necessary to educate employees through various pieces of training and thus systematically raise awareness of cyber risks, which are present every day, and this can be compared with mandatory safety training at work, which aims to prevent accidents at work, explains Woronka.

What are the key trends today when we talk about cybersecurity?

In today's environment, we can say that the concept of digitizing one's business is leading the way. Business is moving more and more to the cloud, and all internal and external processes are experiencing major and fundamental changes. This process can be long-lasting and brings certain risks, both during the transition and after the digitalization of the business is completed. This is where we come to another term - cybersecurity. Many companies do not take cybersecurity seriously enough, thinking that cyberattacks cannot happen to them or that they cannot protect themselves from it, which is a particularly dangerous attitude. Nowadays, cybersecurity is a necessary element of business that, if implemented on time and in the right way, protects all aspects of the business. Siemens fosters an approach in which the entire product development cycle is considered for each product and each cyber solution that we provide to all our clients - from the beginning of development, design, production, and onsite installation to the removal of the product after years of operation. This holistic approach implies both operational and IT infrastructure and the inclusion of cybersecurity aspects in every step. Siemens also offers clients support in their digitization process from assessment of the current state of cybersecurity, implementation, and continuous support throughout the process.

How are companies and institutions prepared for the problems and challenges posed by the increasing number of attacks?

A surprisingly large number of companies are still not adequately protected from cyberattacks, and they believe it is an unlikely scenario. This means that no threat analysis has been carried out, they do not protect their entire business, or they are simply not aware of the risks. In the entire cybersecurity chain, human beings are often the weakest link. Data shows a clear negative trend of cyber incidents in companies, but also in human beings. To prevent this, it is necessary to educate your employees through various training sessions and thus systematically educate the world about the cyber risks that are present every day. It can be compared to mandatory safety training at work, which aims to prevent accidents at work. This is essentially not different. The importance of modernizing the production plant and finding solutions that are compatible and keep up with the times and challenges must also be emphasized. The main focus is to keep production stable and operational to utilize the investment fully. A second focus needs to be put on cybersecurity as any change in this can mean the potential risk of production outage and damage to the company. Outdated equipment that has been in use for 15-20 years is especially at risk then, but even when security solutions are implemented, compatibility must be checked.

How important is it to have cybersecurity policies and how to implement them in large and complex systems, but especially in small ones that simply do not have the resources for such a thing?

The absence of a cybersecurity policy means exposing the company and its operations to greater risk. Even a minor cyberattack can seriously damage production and should never be underestimated. What a cybersecurity policy provides is stability and clear protocols for what to do if an attack does occur. Today, cybersecurity also relies on AI and machine learning, which can be used by companies of all sizes. Siemens solutions based on new technologies help analyze the huge amount of data generated in the factory, naturally with the support of our employees. When it comes to implementation, it must be said that there is no universal approach that would apply to everyone, but through our consulting, we use an approach that consists of 5 steps:

1. Know what you own!

2. Know yourself!

3. Know what to do!

4. Know how to do it!

5. Know how to improve!

The organization can start with any of them, and if it considers one of them unnecessary, it can also skip it. The first step (Know what you own) means that it is crucial to know in detail which components are in the production lines and machines (in short, company assets) - getting to know the firmware, software, and patch status. During the second step (Know yourself), organizational maturity is assessed - the organization's readiness to decisively deal with cybersecurity challenges. Depending on the outcome of the results of the first and second steps, Siemens can provide support to the client in the third step (Know what to do) by suggesting which measures can be implemented and providing an analysis of costs and benefits. These recommendations are based on the asset from the first step, for which we can specifically say whether it is outdated and whether there are any potential vulnerabilities. The fourth step (Know how to do it) covers the implementation of measures and training of the organization to raise the level of awareness of cyber threats. As part of the fifth step, we provide support to clients through continuous management of their factory or company by offering and implementing "patches" or looking for new vulnerabilities.

Everyone talks about different methods of protection. What is the trend today and how to protect yourself in the world of cloud computing and quantum computing?

Threats are becoming more complex every day, but protection methods are also getting better and better. Therefore, before the methods of protection, we must mention the threats. The leading cybersecurity standard IEC 62443 defines several levels of security, depending on the threat. The standard sets unsophisticated attacks as the lowest level of attack while extremely sophisticated attacks indicate the highest level. The most common type of hacker attack today is ransomware, which involves attacking an organization through random selection. Based on this, a company can choose the right security level and follow the requirements for this specific level. It is important to regularly re-assess the security level and adjust to changing environments, but the IEC 62443 gives a very good concept for this called Defense-in-Depth.

For our own products, we take cyber protection very seriously and regularly conduct security monitoring and thorough analyses. We conduct our own "hacking" tests during product development, and later we cooperate with external actors with the help of which we test the effectiveness of our solutions. As a result of constantly raising the standards of our products, Siemens has received many certificates that guarantee the highest quality, most efficient, and comprehensive protection.