In first few years of this millennium, cybersecurity was more about protecting people and organizations from traditional threats such as malware, social engineering attacks, website defacing, hacktivism, etc. Last few years have witnessed increased sophistication and intensity in cyber-attacks, which are now oriented towards financial crime, industrial espionage and have even targeted governments and critical infrastructure from time to time.

In era of Industry 4.0, the organizations are hyper connected with their smart devices and smart networks. This presents a very lucrative target for the cyber criminals who find many more easy and insecure entry points into networks and devices. Botnets1 have become the weapons of choice to carry out DDoS and crypto-jacking attacks. Cyber-attacks on critical infrastructure and strategic industrial sectors have become more frequent and sophisticated. These not only cause disruption in the normal functioning of societies2 but have crippling effect on the morale and psyche of the victim countries. Ukraine has unfortunately faced the brunt of multiple such attacks on their energy grid, forcing blackouts in some regions3 . In the US, attacks on the energy grid are attempted on a daily basis, but strong cyber security mechanisms have ensured that minimal damage is inflicted.

As new threats, techniques and attack vectors emerge, the focus of cybersecurity is slowly but surely shifting away from classic perimeter based approach to a 360 degree orientation.

This is required to protect hyper-connected systems, network and data of this generation from damages and unauthorized access. This is accepted by the CEOs of Fortune 500 companies, who identify the pace of technological change and cybersecurity as the biggest challenges they face today.

Cybersecurity should no longer be viewed as a function of information technology or information security alone. It needs to form an integral part of culture and strategy of the organization. It should be reflected in each and every facet of the organization, right from the strategy to the behavior of an individual employee. Such an integrated cybersecurity vision aligns business functions of the organizations with needs of the stakeholders and becomes a more acceptable strategy.

History of cyber attacks

https://www.ey.com/Publication/vwLUAssets/ey-cybersecurity-for-industry-4-0/$File/ey-cybersecurity-for-industry-4-0.pdf