Page 14 - EngineerIT June July 2025
CYBERSECURITY
From risk assessment to protection: how to build an effective security strategy in industrial enterprises
By Emad Haffar, Head of Cybersecurity Consultant team in the META region, Kaspersky

Industrial sectors face escalating cyber threats that jeopardise operations, safety, financial stability and further technological development. In 2024, 40% of industrial organisations globally reported cyber incidents, according to Kaspersky. Proactive cybersecurity measures are a necessity to ensure business continuity, regulatory compliance and protection against costly breaches. By implementing these measures, businesses can mitigate risks, safeguard sensitive data and maintain operational integrity.

Foundational security includes visibility and risk prioritisation

A robust cybersecurity strategy begins with complete visibility: knowing what needs to be protected and where the greatest risks lie. In industrial environments, where IT and OT systems intersect, this requires not only a comprehensive asset inventory but also a risk assessment methodology tailored to operational realities.

An accurate, continuously updated inventory of all hardware, software and network segments is critical for understanding the attack surface. Industrial environments demand special attention to ICS components, such as Programmable Logic Controllers (PLCs), human-machine interfaces (HMIs), and SCADA servers, which require different security measures than traditional IT assets. Automated discovery tools, particularly those using passive monitoring to avoid disrupting OT processes, help maintain real-time visibility while minimising blind spots.

With a clear asset baseline established, organisations can conduct meaningful risk assessments that meet corporate risk criteria and account for both cyber and physical consequences. OT-specific frameworks, such as the Purdue Reference Model, help segment networks into security zones, while penetration testing (Black Box, Grey Box, and White Box) reveals vulnerabilities from multiple attacker perspectives. Findings should provide detailed and actionable insights into how the identified vulnerabilities and risks relate to the production process, so that an organisation can implement effective security measures.

This approach enables risk-based decision-making, ensuring security controls (network segmentation, patch management, access restrictions) are applied where they matter most. By quantifying risks in operational and financial terms, businesses can align cybersecurity investments with actual threats, safeguarding both productivity and safety.
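
An added example, not from the original article: it checks passively observed network flows against an asset inventory tagged with Purdue levels and reports conversations that skip levels or involve addresses missing from the inventory. The addresses, asset names, level assignments and the adjacent-levels-only rule are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample inventory: address -> (asset name, asset type, Purdue level).
# Level assignment is an assumption: 1 = basic control, 2 = supervisory,
# 3 = site operations, 4 = enterprise IT.
INVENTORY = {
    "10.1.0.10": ("plc-line1", "PLC", 1),
    "10.2.0.20": ("hmi-line1", "HMI", 2),
    "10.2.0.30": ("scada-01", "SCADA server", 2),
    "10.3.0.40": ("historian", "Historian", 3),
    "10.4.0.50": ("erp-app", "ERP server", 4),
}

# Constructed flows as a passive sensor might report them: (src, dst, dst_port).
OBSERVED_FLOWS = [
    ("10.2.0.20", "10.1.0.10", 502),  # HMI -> PLC, adjacent levels
    ("10.2.0.30", "10.3.0.40", 443),  # SCADA -> historian, adjacent levels
    ("10.4.0.50", "10.1.0.10", 502),  # ERP -> PLC, jumps three levels
    ("10.4.0.50", "10.3.0.40", 443),  # ERP -> historian, adjacent levels
    ("10.2.0.99", "10.1.0.10", 502),  # source address not in the inventory
]

@dataclass(frozen=True)
class Finding:
    kind: str   # "zone-violation" or "unknown-asset"
    src: str
    dst: str
    port: int
    span: int   # Purdue levels crossed; 0 when an endpoint is unknown

def review_flows(inventory, flows, max_span=1):
    """Return findings for flows that break the assumed zone rule."""
    findings = []
    for src, dst, port in flows:
        if src not in inventory or dst not in inventory:
            # Inventory blind spot: the level cannot be judged at all.
            findings.append(Finding("unknown-asset", src, dst, port, 0))
            continue
        span = abs(inventory[src][2] - inventory[dst][2])
        if span > max_span:
            findings.append(Finding("zone-violation", src, dst, port, span))
    # Widest level jumps first, inventory gaps after them.
    return sorted(findings, key=lambda f: (-f.span, f.kind))

if __name__ == "__main__":
    for f in review_flows(INVENTORY, OBSERVED_FLOWS):
        print(f"{f.kind}: {f.src} -> {f.dst}:{f.port} (levels crossed: {f.span})")
```
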