I'm a keen scuba diver – keen enough, in fact, to be a qualified rescue diver. It's like a different world deep under water. For a start, I am 100% reliant on my diving equipment just to stay alive.
Over the years I've been diving, friends have often asked me if I am not scared by the inherent risk of deliberately going somewhere where a single mistake could endanger my life. My answer is the always the same – if you know what you are doing, then the risks are very low indeed.
There's an obvious parallel with my day job as the business leader for network security services at Rockwell Automation in the Middle East. If you imagine the world of online connectivity to be as foreign to traditional industrial practices as diving is to strolling around on dry land, then you'll probably see the link.
As industry throughout the world has become more information-enabled, networked and connected, it is also exposed to more inherent risk. The ME region is no more or less vulnerable than any other, but it is underperforming in how it manages that risk.
Alarming statistics suggest that 56% of ME businesses lost more than $500,000 due to cyber security infractions last year compared to 33% globally, and 13% lost at least three working days compared to 9% globally. A further 18% of respondents in the region experienced more than 5,000 attacks, which is higher than any other region, and compares to a global average of only 9% “PwC report (middle-east-cyber-security-survey March 2016)”
It's fair to say that the ME region is behind the curve a little and losing money and productivity as a result. In my opinion, we must stop mumbling about the Stuxnet and Shamoon viruses and go to action.
The ME needs to review its whole approach to Cybersecurity: it is not just an “IT thing” - it should be taken seriously at every level in the company. There is not a single device or software that can protect us - we need to employ a solid defense-in-depth approach to mitigate as much of the risk as possible.
The first step for most companies is to redress the shortfall in security strategies. According to PwC: only 45% of ME companies have a security plan in place compared to 58% globally. It's here that organisations such as Rockwell Automation can help with network security services that bring our customers in line with local Cyber Security regulations such as NESA, Qcert and Ocert.
Like diving, modern industry is never going to be entirely free of risk. When it comes to protecting your business, it pays to take the security of industrial applications as seriously as a diver takes the integrity of his equipment.
With that in mind, here are my top diver's tips for industrial security:
They say that in the modern industrial environment information flows like water. Global industry, and the ME region in particular, might benefit from thinking like a diver to make sure it flows where they want it to and doesn't drown their enterprise. With the solutions already available, there are fewer excuses than ever for leaving your enterprise open to the elements.
You can find out much more about how Rockwell Automation can help with your industrial security.