Here's What May Surprise You About the State of Industrial Security in 2021

Blog

/

Industrial Security

Here's What May Surprise You About the State of Industrial Security in 2021

Content

Threatswitch Team

Published

June 9, 2021

There really aren’t adequate words to describe 2020.

It was a year that no one saw coming – not even those who live and breathe a world of risk assessment.

And everyone was affected.

After such a year, it’s even more important than ever to take a look at where we’re at and

what’s coming in 2021 for industrial security.

We’re going to give you a brief overview of what we learned and then you can download the full report for more in-depth information.

Here’s what you need to know about what to expect in industrial security in 2021.

Who We Surveyed

Respondents from 16+ diverse industries took part. And when we say “diverse,” that’s exactly what we mean.

From construction and manufacturing to healthcare and higher ed, we really ran the gamut. Here’s a breakdown:

Aerospace and defense
Consulting and professional services
Information technology and services
Computer software
Engineering
Electronics
Higher education
Computer and network security
Manufacturing
Facilities operations and management
Construction
Government contracting
Semiconductors
Oil and energy
Healthcare
Banking and finance
And a small percentage of “other” industries.

As far as the size of the companies, we surveyed those that had less than 100 employees, all the way up to those that have more than 5,000, with revenues from $0-$50 million, to those that make more than $1 billion.

Biggest Threats

According to our survey subjects, the three biggest threats in 2021 are phishing, social engineering, and remote work.

We weren’t surprised that companies are worried about the vulnerabilities presented by work-from-home situations.

What was more curious was what wasn’t high on the list: supply chain security. (Only 7% of respondents said this was the highest risk.)

Priorities for 2021

A whopping 74% of those participating in the survey think that the Cybersecurity Maturity Model Certification (CMMC) will require a significant amount of both time and resources in 2021.

While CMMC led the pack by a huge margin, the other industrial security compliance priorities were CUI, NIST, and then, insider threat.

Effects of COVID-19

Of course, the global pandemic would have a place here. Everything in our society was affected.

So, we asked our respondents to fill us in on the impact COVID had on the security of their businesses or industries.

Here are a few of the highlights:

60% had to put new policies and procedures in place to handle a remote workforce.
32% invested in new tech hardware for remote workers.
21% struggled with balancing federal security rules with adapting to COVID.

The Problem of Government

It seems that the highest percentage of respondents list a lack of clarity by the government and regulators on how to comply with rules and regulations as the biggest obstacle to an industrial security program.

Following the lack of clarity, respondents cite a lack of internal support and silos between internal departments that need to cooperate as the next largest barrier to security programs.

Key Lessons

While it may take a while to see the full effect of COVID-19 and the changes in industrial security it brought about, there are some important takeaways from what we’ve seen so far.

1. “Back to Work” Looks Different

Some changes resulting from the pandemic will remain, whether you’re back in the office or working remotely.

2. Security Compliance Management Software is the Way to Go

Out with the old, in with the new. With increased regulatory requirements, manual processes and legacy tech aren’t enough anymore.

3. Traditional & Information Security Look More Alike

You’ve probably heard the saying, “Every job is becoming a tech job.” When it comes to security, the same idea holds true, because every industrial security issue is becoming a cybersecurity issue.

Bottom line, tech specialists need to be more aware of policies and physical security, and those in traditional security should shift their thinking to include more in the realm of cybersecurity.