Humans: A Weak Link in Network Security

Have you noticed that, in recent years, the topic of cybersecurity has become increasingly popular?

A number of studies have found that untrained employees are the biggest threat to an organization’s network security. A study[1] by ESI ThoughtLab found that 87% of executives are aware of this fact. Consequently, companies in all industries and of all sizes are now putting more focus on preventing (or minimizing) attacks by investing in training for employees who use Operational Technology (OT) systems, including Industrial Control Systems.

The examples below[2] are common pitfalls that arise from human-factor vulnerabilities:

  • Operators using OT workstations in the same manner as an IT device or home computer. For example: uploading photos, plugging in smartphones, downloading games or potentially corrupt software, using unsecured USB drives, visiting unsecured websites, and more.
  • Operators accidentally clicking on a link in a phishing email from an operator station.
  • Poor credential management: allowing unrestricted access to system areas or functions that are not needed for an operator’s job role.
  • Incident preparedness: no incident response program. What if something did happen? Is there a well-prepared plan in place?
  • Users’ credentials are not removed from the system when they leave the company.

So, what if I’m not an expert?

That’s OK! Even trained employees are human. The good news is that many weak links can be prevented by improving the security of your ICS network.

Champion’s Certified Cybersecurity Experts are trained in the latest ISA/IEC 62443 and NIST standards for Industrial Cybersecurity.  This means you benefit from the most current, comprehensive safeguards for your operations.

Industrial Cybersecurity is an ongoing cycle of assessing vulnerabilities, implementing solutions, and maintaining secure operations without production downtime.

Champion can help you by providing Vulnerability & Risk Assessments of your current network, then offering System Hardening and Configuration to mitigate risks. We can also help you develop Cybersecurity Policies and Procedures, implement best practices, and prepare recovery steps for incident response in the event of an attack. We can even host a complete backup of your control system to get you up and running with little or no downtime, should a major disaster strike.

Lastly, as your Cybersecurity Experts, Champion can maintain secure, live Intrusion Detection & System Recovery Systems, investigate incidents, and provide a comprehensive incident response plan that fits your needs.

Want to learn more?  Contact an expert today!

Champion Technology Services, Inc. is an industrial control systems integrator that provides cybersecurity services across the United States and abroad. Our team includes ISA/IEC 62443 Cybersecurity Experts and GICSP (Global Industrial Cyber Security Professional)-certified professionals. We help small, medium, and large companies assess their existing control systems and implement cybersecurity protocols that meet their facility’s requirements while maintaining our status as an unbiased third-party cybersecurity solution provider.


References:

[1] Source: https://www.controleng.com/articles/untrained-staff-is-the-biggest-cyber-risk-according-to-report/

[2] Source: https://www.exida.com/Blog/cyberattacks-succeed-where-humans-and-systems-are-weak

Joshua Clemens
