Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      Blue Label Telecoms to change its name as restructuring gathers pace

      11 July 2025

      Get your ID delivered like pizza – home affairs’ latest digital shake-up

      11 July 2025

      EFF vows to stop Starlink from launching in South Africa

      11 July 2025

      Apple plans product blitz to reignite growth

      11 July 2025

      Nissan doubles down on South Africa despite plant uncertainty

      11 July 2025
    • World

      Grok 4 arrives with bold claims and fresh controversy

      10 July 2025

      Bitcoin pushes higher into record territory

      10 July 2025

      Cupertino vs Brussels: Apple challenges Big Tech crackdown

      7 July 2025

      Grammarly acquires e-mail start-up Superhuman

      1 July 2025

      Apple considers ditching its own AI in Siri overhaul

      1 July 2025
    • In-depth

      Siemens is battling Big Tech for AI supremacy in factories

      24 June 2025

      The algorithm will sing now: why musicians should be worried about AI

      20 June 2025

      Meta bets $72-billion on AI – and investors love it

      17 June 2025

      MultiChoice may unbundle SuperSport from DStv

      12 June 2025

      Grok promised bias-free chat. Then came the edits

      2 June 2025
    • TCS

      TCS+ | MVNX on the opportunities in South Africa’s booming MVNO market

      11 July 2025

      TCS | Connecting Saffas – Renier Lombard on The Lekker Network

      7 July 2025

      TechCentral Nexus S0E4: Takealot’s big Post Office jobs plan

      4 July 2025

      TCS | Tech, townships and tenacity: Spar’s plan to win with Spar2U

      3 July 2025

      TCS+ | First Distribution on the latest and greatest cloud technologies

      27 June 2025
    • Opinion

      In defence of equity alternatives for BEE

      30 June 2025

      E-commerce in ICT distribution: enabler or disruptor?

      30 June 2025

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Company News » Compliance does not equal OT network security

    Compliance does not equal OT network security

    By Skybox Security24 February 2022
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Research reveals operational technology (OT) security leaders believe maintaining compliance with regulations is their top concern. Today’s threat landscape necessitates more.

    One of the key findings from Skybox Security’s research report, Operational technology cybersecurity risk underestimated by operational technology organisations, is that “maintaining compliance with regulations and requirements” is the most common top concern of OT security decision makers.

    Learn how to de-risk your OT environment

    It is easy to see why compliance is a concern: mandates often change, are hard to interpret and are often overwhelming. In the OT environment, security requirements and methodologies are many. For example, there are:

    • STIG compliance requirements
    • NERC CIP compliance
    • Compliance with Fair Methodology
    • Cyber Value at Risk (CVAR) model

    So, while compliance is the primary concern across many different functions, it is not — by itself — a silver bullet against bad actors. Why not?

    Compliance is only one part of a bigger security picture

    Compliance frameworks give insight into fine-tuning the technologies in place, but compliance is only one facet of security meant to explain how things are progressing for just that unique, specific area of concern. For instance, the focus of NIST 800-41 is just security controls and firewalls and only ensures compliance at a network’s perimeter and zone-to-zone access. That’s it. It does not address the entirety of an enterprise and its components. That’s hardly the full spectrum of security measures needed for user identity, virtualisation or container security.

    What are some of the main reasons for the misconception that compliance is good enough? Part of that comes from standardisation — a culmination of ratified thoughts. Like that old gum advertisement, “four out of five dentists recommend Dentine for those patients who chew gum”. It’s not an absolute endorsement, but it lends credence.

    Satisfying checklists does not ensure OT security

    Many companies invest a lot of time and money on resources and technology to secure their environments, specifically meeting auditor requirements. When companies pass and satisfy the checklist, it can be easy to assume they have fulfilled the criteria and, therefore, must be safe. “We have the paperwork to prove it!” Unfortunately, this wishful thinking often leads to gaps in security.

    For instance, the research revealed that security teams greatly underestimate the critical risk of a cyberattack to their crown jewels. For example, 56% of all respondents are highly confident that their organisation will not experience an OT breach in the next year, yet 83% said they had at least one OT security breach in the prior 36 months. With regards to compliance, this says to me: “I’m compliant but continue to be vulnerable to breaches.”

    Consider the phrase “you’re only as strong as your weakest link”. Imagine a square table and three of the four corners are monitored for compliance. All three sides pass, but the fourth corner is a question mark. But those responsible for the other three corners can point that they are compliant. Never mind that the fourth corner is not. The whole table collapses. Or in the case of an OT organisation, you are breached. One exposed vulnerability is all an attacker needs to wreak havoc on your business, and compliance alone won’t stop them.

    With Skybox, you’re compliant. But more importantly, you’re secure.

    Don’t sweep your cybersecurity vulnerabilities under the rug

    To put all your faith in compliance is akin to sweeping your security vulnerabilities under the rug. It’s putting your head in the sand. Don’t think for a moment that compliance is all you need. That’s a recipe for getting sucker-punched at 3am when you discover your plant machinery is held hostage with a significant production schedule due for delivery that same day.

    OT organisations must up-level their security and place equal importance on vulnerability management as they do on security policy and compliance management. This requires a platform that can visualise and analyse OT, hybrid and multi-cloud networks, providing full context and understanding of the attack surface. OT organisations can use this intelligence and context to increase the overall strength of their cybersecurity controls, processes and compliance programmes.

    Find out how Skybox can help you with your audit and compliance needs.

    Learn how to de-risk your OT environment.

    About Skybox Security
    Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. Our Security Posture Management Platform delivers complete visibility, analytics and automation to quickly map, prioritise and remediate vulnerabilities across your organisation. The vendor-agnostic solution intelligently optimises security policies, actions and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected. We are Skybox.

    Visit www.skyboxsecurity.com for more information or check out all the recent Skybox Security content on hub.techcentral.co.za/skybox.

    • This promoted content was paid for by the party concerned


    Skybox Skybox Security
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleAll the ways you can connect with TechCentral
    Next Article BK Bookbinders keeps pace with Altron and Xerox

    Related Posts

    4 tips for exposure management of your business applications

    19 February 2025

    Network professionals lose nearly half their week to manual tasks that could be automated

    3 December 2024

    Skybox: half of firms fear security incidents due to siloed network and security teams

    17 October 2024
    Add A Comment

    Comments are closed.

    Company News

    $125-trillion traded: Binance redefines global finance in just eight years

    11 July 2025

    NEC XON welcomes HPE acquisition of Juniper Networks

    11 July 2025

    LTE Cat 1 vs Cat 1 bis – what’s the difference?

    11 July 2025
    Opinion

    In defence of equity alternatives for BEE

    30 June 2025

    E-commerce in ICT distribution: enabler or disruptor?

    30 June 2025

    South Africa pioneered drone laws a decade ago – now it must catch up

    17 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.