December is all about celebrating the holidays with friends, family, and loved ones. But it’s also the time for setting intentions. What will you focus on in the year ahead? If you’re operating in the OT space, we have one motto to suggest for 2024 – protect first. If the last few years, including 2023, have taught us anything, it’s that cybersecurity is essential. The key to implementing it is by prioritizing the right steps.
Benefit of a Protect First Approach #1 – Save Time and Money
In discussing strategy with the IT team of a client, they explained that they’re trying to get a handle on where exactly to start when it comes to OT. Their playbook thus far has been to conduct asset identification, followed by network segmentation and mitigating vulnerabilities. This isn’t wrong. You do want to figure out what you have on the network, including OT and IT, and then patch any vulnerability exposure in order to reduce your attack surface. However, the challenge is that this process is very time intensive. And time is money. Jennifer Gregory at Security Intelligence reported that “Breaches detected in less than 200 days cost an average of $3.93 million compared to $4.95 million for those detected after 200 days.”
We compare this approach to starting a game of whack a mole. Once you get into those kinds of exercises, you can’t stop doing them because there is constant change. This is especially difficult to keep up with if you are a smaller organization with less resources. Step in our OT-minded method: protection, visibility and control. They realized protection first, visibility second, and control continuously is a better use of resources and shrinks risk faster. In turn, there is more time to work on cyber hygiene, which boils down to the daily practices that are taken to shield operations
Benefit of a Protect First Approach #2 – Boost Cyber Hygiene
Cyber hygiene is important not only for eliminating the possibility of attacks, but also for insurance purposes. When one company we spoke with in December had a cyber insurance audit, they found out that of the 27 controls for the OT network, 26 failed. Although they were still able to get insurance, their premiums were higher. In fact, when researchers surveyed more than 300 organizations, 79% said their insurance rates increased. The insurance auditor also made sure to note that the two top targets for ransomware over the past few years have been mid level manufacturing and municipalities. The reason for this trend is that there’s money at the mid level. But, there’s not enough money to have a huge team to ensure that all controls are in place. Threat actors are aware of this personnel gap. Therefore, having an automated tool is going to be critical as well as the smartest procedure.
It’s this combination that has companies seeking out DYNICS’ products. We had a proof of concept kickoff meeting with a critical infrastructure utility company that needs to protect their controls network. They are looking at DCC, ICS Defender, OT Network Controller and Fusion data management.
Sources:
- “AI reduces data breach lifecycles and costs” – Jennifer Gregory, Security Intelligence
https://securityintelligence.com/articles/ai-reduces-data-breach-lifecycles-and-costs/ - “What is cyber hygiene and why is it important?” – Alissa Irei, TechTarget
https://www.techtarget.com/searchsecurity/definition/cyber-hygiene - “Time and effort to obtain cyber insurance increasing for US businesses” – Michael Hill, CSO
https://www.csoonline.com/article/650609/time-and-effort-to-obtain-cyber-insurance-increasing-for-us-businesses.html