IT and OT are merging more and more, with the effect that production environments can also be directly affected by cyber attacks. A particularly drastic example occurred last year when hackers paralyzed Toyota's entire production facility.
Nils Gerhardt, Chief Technology Officer, from Utimaco shows five principles that companies should observe in order to secure their production in the best possible way.
Encrypt sensitive data
Software-based data and folder encryption ensures that, if in doubt, criminals cannot do anything with stolen data. This means that trade secrets are protected even if a company falls victim to a hacker attack. Effective encryption with role-based access control also helps meet data protection regulations such as GDPR. When looking for a suitable solution, industrial companies should consider a few points: First, it is important to check whether a provider can provide suitable evidence of meeting local compliance regulations. The encryption process should also be carried out in such a way that it is as transparent as possible, meaning that it has little impact on employees. Especially in the production environment, it is important that a solution can run on different devices and platforms. It should also protect data not only at rest but also in motion and, above all, support work in the cloud.
Manage keys securely
A safe is only safe as long as the associated key does not fall into the wrong hands. The situation is similar in the digital space. The protected storage of cryptographic keys is a cornerstone of all data security. Losing or compromising a key instantly destroys a company's data security protocols. Therefore, special vigilance must be exercised at this point. In the best case, companies use hardware security modules to generate and manage keys. Compared to software-based solutions, these have the advantage that they can practically not be attacked remotely because the keys themselves are never read into the main memory of a computer.
Share data securely
In industries in which the vertical integration is sometimes well below 50 percent, sharing data with upstream or downstream players within the value chain is elementary. Unfortunately, data exchange is often still a weak point in companies' security strategies. You should therefore make sure that data encryption solutions also enable secure release - without overwhelming employees or partners. In the age of IoT, the automatic exchange of data between devices is becoming increasingly important. In this case, tokenization can be used. In this process, sensitive data for transmission is replaced by tokens that are essentially worthless. This makes attacking communication channels and intercepting the data transmitted there useless.
Sign digital communications electronically
One of the most important attack vectors is and remains phishing. Attackers sometimes pose as members of the company in order to obtain access data from employees or persuade them to take certain actions. In large companies and/or when a larger portion of the workforce works from home, it can be difficult to assess the authenticity of an email. Electronic signatures can be an effective way to combat this form of identity theft.
Stay up to date
Quantum computers may initially sound like science fiction, but the technology is making gradual progress and it can be assumed that it will be put to practical use within the foreseeable future. Unfortunately, from this point on it won't be far before it falls into the wrong hands. With the superior computing power of quantum computers, malicious actors could crack conventional encryption that was previously considered very secure. In the area of industrial espionage, state actors must always be expected who have completely different resources at their disposal than profit-oriented hacker groups. Companies whose business models are based on intellectual property should therefore address this impending danger today. Your security solutions should be “quantum-ready,” meaning that they can be updated as needed with new algorithms that are also secure against quantum computers.
More at Utimaco.com
About Utimaco
Utimaco is a global leader in high-security cybersecurity technologies and compliance solutions and services headquartered in Aachen, Germany and Campbell (CA), USA. Utimaco develops and produces on-premise and cloud-based hardware security modules, key management, data protection and identity management solutions, as well as data intelligence solutions for regulated critical infrastructure and public alert systems. Utimaco occupies a leading market position in its core areas. More than 500 employees serve customers and citizens worldwide by developing innovative security solutions and services that protect their data, identities and networks. Partners and customers from a wide range of industries value the reliability and long-term investment security of Utimaco security solutions.
Matching articles on the topic