Read on TechRepublic why James Sanders says that standard security practices among IT companies do not necessarily carry over to the IT departments of other firms, leading to products sold without basic security measures in place:
Vulnerabilities in Industrial Control Systems are an outsized threat in the manufacturing sector, and can have ripples in the economy at large—as well as in national security—as this equipment is used extensively across the energy sector. Despite this, vulnerabilities discovered in industrial equipment increased 30% in 2018, according to security research firm Positive Technologies, which announced Thursday the discovery of vulnerabilities in APROL industrial process automation systems made by B&R Automation. This is not by any means a groundbreaking discovery of some byzantine attack strategy—the vulnerabilities discovered are simply a case of ignoring basic security hygiene, such as disabling unencrypted FTP access, removing the finger utility, disallowing SSH access as root (using passwords), rate-limiting unsuccessful login attempts, encrypting VNC access, and disabling anonymous access to LDAP servers.
Read his full article here.