As the digital landscape expands with smart homes and Industry 4.0 technologies, the risk of cyberattacks escalates. Safeguarding and updating software is crucial to fortify digital systems against cyber threats. However, according to ONEKEY’s report, a mere 12% of German industries possess a detailed overview of the software embedded in their devices and systems.
Insights from Industrial Companies Survey
ONEKEY conducted a survey of 300 German industrial companies to gather insights on OT and IoT security. The findings revealed that 44% of companies are actively addressing SBOMs, with 32% having created SBOMs for some networked devices. Surprisingly, only 12% have comprehensive SBOMs for all vulnerable products and systems. A quarter of the companies lack SBOMs altogether, while another 25% are uncertain about their SBOM status.
“The Cyber Resilience Act mandates the inclusion of Software Bill of Materials for all digital products by 2027,” emphasized Jan Wendenburg, CEO of ONEKEY. This EU regulation, unlike a directive, will be immediately enforceable across member states without the need for national adaptation. Compliance with the CRA is crucial for bolstering cybersecurity resilience in the digital era.
Challenges in SBOM Implementation
Jan Wendenburg highlighted the complexity of compiling an exhaustive Software Bill of Materials in an industrial setting. The multitude of devices, machines, and systems, coupled with outdated components and supply chain intricacies, pose significant hurdles for companies. The CRA mandates detailed documentation of software components, version details, licensing information, and more, presenting a formidable challenge for manufacturers.
Creating an SBOM is not a one-time task, as emphasized by ONEKEY. Continuous updates are essential to stay abreast of the evolving cybersecurity landscape. With a plethora of software vulnerabilities being identified regularly, manufacturers must remain vigilant to protect their products from potential threats.
Author: Jan Wendenburg, CEO, ONEKEY
