3 misconceptions about industrial security
Steffen Zimmermann's expertise on security in your company
Ransomware, cyberattacks and security standards are unpleasant topics that are often put on the back burner for more important tasks. But if you don’t take an in-depth look at industrial security, you put your company at risk. To help you get started, we spoke with expert Steffen Zimmermann in a podcast and summarized everything you need to know here.
Content
- Misconception 1: "Industrial security is a topic for people in the IT department."
- Misconception 2: "All you need for industrial security is the right hardware and software."
- Misconception 3: "The company is safe."
- What measures are necessary for industrial security?
- 3 tips from Steffen Zimmermann
- Where can I find help on Industrial Security?
Who is Steffen Zimmermann?
- Steffen Zimmermann heads the VDMA's competence center for industrial security.
- He has been following developments in the field of industrial security for 20 years.
- Steffen Zimmermann primarily supports machine and plant builders and policymakers in security issues.
When are companies safe? 3 misconceptions:
Why is industrial security so important, and why are companies still not paying enough attention to it? This is mainly due to a widespread but mistaken image of industrial security:
Misconception 1: "Industrial security is a topic for people in the IT department."
According to Steffen Zimmermann, anyone who does not treat cyber security as a management issue is acting with gross negligence. Not only because attacks are becoming more frequent, but also because more and more customers expect fully answered security questionnaires. If the EU's IT security law or the corresponding German regulation is disregarded, it is the management, not the IT employees, who are liable. It is therefore no longer sufficient for only IT specialists to deal with the company's security.
Misconception 2: "All you need for industrial security is the right hardware and software."
You can't buy security.
Steffen Zimmermann
That's how Steffen Zimmermann puts it, because technology alone is never the whole solution. For the interaction between people and technology to work, management must invest in more than just technology:
- Products must be securely developed and updateable by the suppliers. Companies should therefore know which partners they can rely on.
- In the event of an attack, a company must be able to rely on the help of the authorities. It is therefore important to build good communication between the authorities and the company in advance.
- Employees are the decisive factor in establishing industrial security. The threat can only be contained through basic training and regular reminders of the measures to be taken, because the majority of cyberattacks succeed due to a lack of awareness on the part of employees. Phishing emails are clicked, unauthorized USB sticks are plugged in, people work on company material in public places: these examples sound almost ridiculous, but they happen far too often and have devastating consequences. Investing in your employees is investing in your security at the same time!
Misconception 3: "The company is safe."
The only sure thing about industrial security is that no matter what is done and bought, it never fully protects against attacks. Industrial security is an ongoing process that can never be completed because technologies and attack methods evolve. Those who feel absolutely safe and do not revise their measures risk greater damage than those who expect an attack and continuously adapt to technological changes.
What measures are necessary for industrial security?
To put yourself in a position to take the right measures and to entrust employees with looking after the company's security on an ongoing basis, four steps are important:
Step 1: Define what you need to protect.
To do this, it is best to start at the top with trade secrets and business processes. The assets to be protected can be divided into three areas:
- IT security: everything that concerns the office
- OT security: your own production environment
- Product security: digitally networked products
Step 2: Familiarize yourself with the topic.
You will find many tools, standards and checklists for cyber security online, many of which are freely available. Take advantage of what's on offer and work your way through it in small steps; then you're sure to be on the right track!
Step 3: Don't forget: everyone had to start somewhere.
Some of your colleagues may already be further along in the process, while others, like you, are still at the very beginning. A good opportunity to share experiences and learn from each other is the blended learning training with Dr. Pierre Kobes, the founding father of the IEC 62443 standard.
Step 4: The last and most important step: don't stop; keep adapting to new developments and standards!
3 Tips from Steffen Zimmermann
If you want to achieve the greatest possible industrial security, you should always be able to answer "yes" to these 3 questions:
- Does my backup work?
- Do I have someone who can support me offline in an emergency?
- Have I done everything necessary to ensure that my employees feel well prepared?
Where can I find help on Industrial Security?
- The IT-Grundschutz compendium of the BSI (the German Federal Office for Information Security) offers a good introduction to the topic.
- The BSI also offers many free tools that can help you.
- SMEs benefit above all from the ISIS12 management system.
- One of the largest and most important standards in IT security is ISO 27001.
- For the topics of secure plant operation and secure product development, ISA/IEC 62443 is very interesting.
Find out more about our Industrial Security Training.