Shift needed toward solving difficult issues impacting the fast-digitizing industrial sector, rather than just finding and fixing security vulnerabilities


A new report from Trend Micro concludes, based on years of analysis, that fundamental design flaws have created serious cyber vulnerabilities in many widely used industrial products. According to the report:

“We believe that this legacy technology, which is intrinsically difficult to replace, has not been discussed and scrutinized in depth from a cybersecurity perspective. Most of the security analyses thus far have focused on finding and fixing vulnerabilities in the software, not in the design, or else on one, specific target. The design issues that we found broadly affect critical sectors where industrial machines are essential, most notably automotive, avionics, military, food and beverage, and pharmaceuticals.”

These vulnerabilities have allowed hackers to inject malicious code into software that has then been pushed out to many of the world’s largest industrial companies like ABB, Mitsubishi and others.

Part of the challenge with industrial automation platforms is that they are built on legacy technologies that, unlike modern products such as smartphones, were not based on security by design. This is what makes the problems particularly difficult to fix.



As industrial companies accelerate digital transformation throughout their businesses and supply chains, this report is a reminder of why security needs to be at the core of these decisions. Vulnerabilities that reside within the software code that increasingly drives industrial processes, including automation, don’t just threaten data loss; they can disrupt operations, with potential life-and-death consequences and much larger financial risks for the firms involved.

We also have an idea of what good transformation looks like in the sector versus bad transformation. An examination of Honeywell—a 5-Star rated company—versus 1-Star GE provides concrete examples of how important security and the effective adoption of digital technology are for the business and ultimately its market performance.

As large legacy industrial conglomerates, both Honeywell and GE face similar sector challenges outlined in this report. But they have managed them very differently, and this has implications for every sector their products touch. As the GE report points out, its persistently poor cyber governance performance is a problem not only for GE but also for the global supply chain that it is a part of.

Investors and regulators all have a stake in how industrial companies manage these challenging issues as the shift away from legacy technology systems to digitization continues to gather pace. Moving forward, security-by-design rather than the detection and resolution of vulnerabilities must be the default.
