Companies should spend more on IT systems to combat cyber attacks: Study

Companies should spend more on IT systems to combat cyber attacks: Study

Wednesday August 02, 2017,

2 min Read

The focus and spending on information technology (IT) systems by business organisations in India needs to be complemented with similar efforts in operational technology (OT) and consumer technology (CT) systems to combat cyber attacks, said a recent ASSOCHAM-PwC study.

"Currently, such initiatives are not taking place, thereby leading to a rise in attacks by cyber criminals," the study stated.

The study, titled ‘Protecting interconnected systems in the cyber era,' stated that the OT and CT systems have long been used in industrial and end-user products to monitor and control physical processes.

"Traditionally, these technologies have been air-gapped, in that they are segregated from the IT network. However, OT and CT systems are becoming increasingly interconnected and integrated with other IT systems."

"Economic challenges, resource constraints, business requirements and technology standardisation have made it impractical to continue completely segregating OT and CT networks from IT networks," noted the ASSOCHAM-PwC study.

With an increase in the usage of information and OT and CT in critical infrastructure, overall effectiveness has increased. However, these elements have also become the target of choice for attackers since they recognise the impact of disrupting the routine way of life, it said.

"A national strategy to secure critical infrastructures requires collaborative efforts through timely information sharing across critical sectors," the study said.

It added: "Timely information on events and incidents to critical infrastructure stakeholders, for potential cross-sectoral impacts, would help in appropriate response mechanism. National-level cross-sector forums could be established to institutionalise the cooperation between various critical sectors."

The study also impressed upon the need for setting up a sector-specific nodal body for designing plan, advisories and guidelines to manage and govern overall cyber security aspect for the sector and enhance public-private partnerships.