Implementing cybersecurity systems in a factory or critical infrastructure facility can take several months or even years.

A survey from Kaspersky asked more than 300 industrial organizations to determine the benefits of cybersecurity practices in their facilities. The survey identified five advantages to cybersecurity systems in industrial spaces.

1. Increased cybersecurity skills within the team

The most common benefit organizations mentioned when implementing an operational technology (OT) security project (61%) was a boost of cybersecurity skills within an organization’s team. 

Preparation for implementation includes network analysis, threat modeling, analysis of approaches to protection and many other tasks that offer experience and knowledge to the involved specialists. IT practitioners then must learn how to set up and use the solution, using reporting and analytics to help get the required data on the latest threats.

These practical skills are of high value to specialists. Industry players have confirmed that the demand for OT/ICS security skills and specific expertise has been on the rise for the last several years. Due to the skills gap, 66% of survey respondents have faced significant OT security staffing challenges. 

2. Network and infrastructure optimization

Optimizing networks and infrastructure takes second place with a 58% response rate. Preparations to deploy an OT security solution allow for a critical look at existing infrastructure. This can be a good opportunity to not only become aware of security gaps, but to also reconsider network configurations and equipment used.

Some companies also need to revamp their automation systems so that the cybersecurity solutions are compatible and do not cause disruptions or shutdowns in the production process. Four out of five organizations (81%) have faced the problem of compatibility at least once.

3. Unlocking opportunities for digitalization and IoT use

With a 55% response rate, this benefit is relevant to organizations looking into OT digital transformation. Industrial Internet of Things (IoT) introduces a wide range of security risks and challenges across devices, platforms and operating systems, communications and even the systems to which they’re connected.

4. Pre-implementation security audit helps identify and fix existing security gaps

This previously unknown benefit was confirmed by 52% of industrial organizations. A cybersecurity audit helps give a comprehensive view of the existing IT and OT infrastructure and identify weaknesses as well as possible entry points for a cyberattack. Experts recommend conducting one regularly. 

If the organization performs the audit as part of its OT security solution implementation, it should help ensure that all necessary controllers, SCADA servers and operator workstations are well-protected and that the security solution is configured correctly. It can also reveal any gaps that should be covered with additional measures, such as vulnerable OT equipment or a lack of network segmentation.

5. Establishing processes and boosting management skills 

The final key benefits uncovered have a strong correlation: establishing processes (44%) and boosting management skills (40%). This seems like a logical outcome, as any big project offers people the experience of team and process coordination, giving team members the opportunity to reveal strong skills while improving weaker ones. 

Implementing an OT protection solution involves many parties, such as cybersecurity specialists, OT engineers and operators, external service providers as well as non-IT personnel, such as procurement and even top-level management. In fact, in 55% of organizations, senior executives and board members are involved in the approvals and budgeting of OT security initiatives. These team crossovers can hinder the approvals process and slow down the whole project. So, project leads need to show perseverance and ingenuity to get things done. This presents a good opportunity to improve soft skills. 

For more information on the report, click here.