New Report Reveals Employee Errors Lead to Over Half of Cybersecurity Incidents
“Taking a comprehensive, multi-layered approach — which combines technical protection with regular training of IT security specialists and industrial network operators — will ensure networks remain protected from threats and skills stay up to date,” Shebuldaev said
Despite automation, human factor can put industrial processes at risk. A new report has revealed that employee errors or unintentional actions lead to over half of cybersecurity incidents in industrial networks.
Organisations are experiencing a shortage of professionals to handle new threats, said the report from cybersecurity firm Kaspersky.
Organisations are also worried that their operational technology and industrial control system (OT/ICS) network operators are not fully aware of the behaviour that can cause cybersecurity breaches, according to the report titled “State of Industrial Cybersecurity 2019”.
These challenges make up the two major concerns relating to cybersecurity management and go some way in explaining why employee errors cause half of all industrial control system incidents — such as malware infections — and also more serious targeted attacks.
In almost half of companies (45 per cent), the employees responsible for IT infrastructure security also oversee the security of OT/ ICS networks, combining this task with their core responsibilities.
Such an approach may carry security risks. Although operational and corporate networks are becoming increasingly connected, specialists on each side can have different approaches and goals when it comes to cybersecurity.
“This year’s study shows that companies are seeking to improve protection for industrial networks. However, this can only be achieved if they address the risks related to the lack of qualified staff and employee errors,” said Georgy Shebuldaev, Brand Manager, Kaspersky Industrial Cybersecurity.
“Taking a comprehensive, multi-layered approach — which combines technical protection with regular training of IT security specialists and industrial network operators — will ensure networks remain protected from threats and skills stay up to date,” Shebuldaev said. (IANS)
The Indian Data Protection bill 2019 which aims to help consumers exercise their privacy rights needs a proper structural framework else personal data of millions of users in the country will be at stake, leading industry experts said on Monday.
As the world observes Data Privacy Day on January 28, experts and leading industry bodies have already demanded clarification in several areas of ambiguity that exists in the draft Bill.
The Personal Data Protection Bill 2019, which was introduced in Lok Sabha in the winter session last year, has been referred to a Joint Parliamentary Committee (JPC) of both the Houses. The JPC has been constituted under the chairmanship of New Delhi MP Meenakashi Lekhi for examination and report.
“Although the Indian Data Protection bill aims to play an important role in fabricating regulations for governing the increasingly data-driven landscape, without a structural framework data privacy becomes a cause of concern, Lovneesh Chanana, Vice President, Digital Governments (Asia Pacific & Japan), SAP, told IANS.
A report by the Internet and Mobile Association of India (IAMAI) in December said that the bill categorises data as Personal data, Sensitive Personal data and Critical Personal data, but the industry lacks clarity on to which data qualifies under which head and hence is not equipped to take necessary precautions.
“The problem gets aggravated when data collection and processing are done by different agencies, in which case, each fiduciary will have to take consent at every step of the operation,” said the report.
Telecom Minister Ravi Shankar Prasad, while introducing the Personal Data Protection Bill, 2019, in the Lok Sabha on December 11, announced that the draft Bill empowers the government to ask companies including Facebook, Google and others for anonymised personal data and non-personal data.
However, there are concerns around a provision in the draft bill, seeking to allow the use of personal and non-personal data of users in some cases, especially when national security is involved.
Several legal experts have said the provision will give the government unaccounted access to personal data of users in the country.
Ashish Aggarwal, Senior Director and Head, Policy & Advocacy, NASSCOM, however, said the Indian Data Protection bill will be the basis for consumers to exercise their privacy rights.
“The industry will benefit from increased trust by implementing the law diligently. The IT industry has a huge role in using technology solutions to implement the key principles of the law for both the industry and government, in an intuitive and cost effective manner,” Aggarwal told IANS.
There are other concerns from the industry as well.
Shankar Roddam, Chief Operating Officer, Subex said that the Data Protection bill 2019 talks about monetary compositions like penalties for any abuse or failure to comply with guidelines.
“I personally feel that government should consider sanctions that are being monetary compositions like banning certain privileges for subsidies, funding, directorship, etc. This will help ensure privacy and regulate protection for companies,” Roddam noted.
The experts have demanded clarification in several areas of ambiguity that exists in the draft Bill which need to be better clarified for businesses to fully comprehend the extent of adjustments businesses will have to do to comply with them. (IANS)