Security News > 2024 > July > Dragos: Industrial Cyber Security Basics Can Help Protect APAC Operational Technology Operators
Industrial cyber security in APAC is still lagging behind enterprises, but having some basic hygiene and a plan in place is "Light years" better than nothing, according to director of incident response at operational technology cyber security firm Dragos Lesley Carhart.
Dragos has seen organisations implementing incident response plans and security monitoring; this puts them "Light years ahead" of those with no plan and no retainers or team for cyber security, but Carhart said they need to test assumptions to do tactical things behind strategy.
There has been "Decades of misunderstanding" between process engineering teams and those responsible for cyber security in the industrial technology space, Carhart said.
"We've tried to impose enterprise cyber security controls on process environments, and you just can't do that due to things like vendor presence and the age and sensitivity of the equipment. It can be hard to get movement in implementing modern security controls."
"You certainly can't implement modern, agent-based security controls. None of the security tools you see at security conferences for enterprise environments, like XDR or EDR tools, none of those function well in process environments because of all those things," Carhart said.
It outlines how industrial organisations can create an Industrial Control System or operational technology security program to mitigate many cyber risks.
News URL
https://www.techrepublic.com/article/industrial-cyber-security-dragos-apac/