Strengthening Industrial Cybersecurity: Balancing Remote Access and Risk Concerns

Survey Reveals Concerns Over Industrial Secure Remote Access’s Associated Risks

A survey conducted by Takepoint Research for Cyolo revealed that even though industrial secure remote access (I-SRA) is deemed necessary by industrial organizations, cyber threats associated with it have raised concerns. The report, titled “The State of Industrial Secure Remote Access,” exposes the responses of more than 200 cybersecurity, IT, and engineering professionals from small to large-sized organizations in North America, Europe, and other regions around the world.

Importance of Industrial Secure Remote Access (I-SRA)

According to the survey, the majority of organizations saw I-SRA as an answer to allow third-party access, increase productivity, gather data, and reduce expenses. In the oil and gas industry, 83% of organizations saw the need for third-party access, while data collection was necessary for 72% of organizations in the manufacturing sector. Various reasons could explain this depending on each organization’s business context, industrial, regional, and company-specific factors, such as labor availability and cost, operational data utilization for productivity, and safety enhancement.

Concerns Over Industrial Secure Remote Access (I-SRA)

Regardless of the size and number of connections to industrial organizations’ systems, the survey reveals that all organizations have voiced concerns about the risks associated with remote access. Respondents are wary of threats to operational technology (OT), advanced persistent threats (APTs), malware, and misconfigurations. The survey also highlighted that all industries have lower confidence in their current I-SRA security solutions than the risks they are battling. The need for remote access to critical systems is a must for operations, even if the access is far less secure than industry professionals would like.

Minimizing Risks for Industrial Secure Remote Access (I-SRA)

To offset the risks, industrial organizations are implementing defense-in-depth measures, segmenting access, improving authentication and identity and access management (IAM), and air-gapping critical systems. However, concerns remain, including lack of visibility, user education, access control, and obsolete operating systems.

Cyolo’s Recommendations

Cyolo provided recommendations based on their report’s findings. They suggested adopting a zero-trust approach to identity-based access solutions. Zero trust implements strict identity verification and enforcement and provides access control based on a user’s identity and device trustworthiness. The identity is not solely dependent on a user’s IP address or network location, but solely on a user’s identity and device conformity. Additionally, Cyolo suggests carefully following regulations, user education and awareness, and engaging a third-party to assist remote access implementation best practices.

Conclusion

The Takepoint Research survey conducted by Cyolo revealed that despite the perceived importance of I-SRA, cybersecurity professionals are concerned about the risks associated with remote access. Whether it is operational technology (OT), advanced persistent threats (APTs), or malware, there remains a disconnect between the level of concern and confidence in the efficacy of existing I-SRA solutions. Although defense-in-depth measures, identity verification and access management, and air-gapping are heavily relied upon, other concerns, such as lack of visibility, outdated operational systems, user education, and access control, are addressed lightly, leaving industrial organizations vulnerable. Hence, industrial organizations must opt for a zero-trust approach to remote access to enhance operational productivity while minimizing risks and maintaining effective I-SRA implementation.