Friday, March 24, 2023

A Pathway to Industrial Cyber Resilience


Assessing and bracing against cyber vulnerabilities in industrial sectors.

WHY THIS MATTERS

A number of studies suggest that business and government leaders recognize today’s industrial cyber threats but are not yet prepared to fend them off. While cyber-attacks are often cross-border and the threat to industrial companies is global, geopolitical realities and the concentration of industrial activity in certain parts of the world have made threats more acute in some countries.

The numbers are staggering. Ransomware attacks on operational technology (OT) networks soared fivefold from 2018 to 2020. Manufacturing entities accounted for more than one-third of confirmed ransomware attacks on industrial organizations, followed by utilities, which made up 10 percent.

The estimated global cost of these ransomware attacks? It too has skyrocketed and is predicted to reach USD20 billion in 2021 — up from USD325 million in 2015.[3] Operational disruption due to ransomware in OT environments has seen a 23-fold increase. In 2020, there was a 32 percent increase in ransomware attacks against energy and utilities organizations.[4] Adding to the bad news for the sector, of course, is the fact that ransomware attacks continue to grow in sophistication. Additionally, attacks have increasingly targeted industrial control system (ICS) environments like oil-and-gas and manufacturing.

The dramatic evolution of today’s cyber-threat landscape

Threat actors continue to raise their game. Cybercriminals continually change tactics to avoid detection, increase their prospects for success and maximize their returns on ransomware attacks. These tactics include:

— The increasing use of close-knit syndicates of organized crime groups;

— Taking time to become more familiar with the operations of potential victims;

— Targeting attacks more precisely using legitimate documents that identify potential victims for malware delivery;

— Selling and buying direct access for rapid ransomware attacks instead of conducting advanced intrusions, which are often more time-consuming and costly.

The motives for attacks can vary.

How do attackers choose their victims? Motives can vary and they are often supported by the illegal sale of passwords, tools and techniques to access corporate networks, which is also on the rise. Beyond financial gains, targeted ransomware attacks can involve diverse motives such as ideological or political factors. Regardless of motive, however, adequate security measures remain indispensable in order to effectively manage attacks.

Supply chains are enduring new threats.

Improved ecosystem hygiene is pushing threats to the supply chain, turning friends into unsuspecting ‘enemies.’ Global interconnectedness of businesses, wider adoption of traditional cyber-threat countermeasures, and improvements to basic cyber security are prompting threat actors to pursue new approaches that increasingly target supply chains — including software, hardware and cloud services.

OT/ICS infrastructure vulnerabilities demand costly solutions.

Vulnerabilities discovered in recent years in programmable logic controllers (PLCs), human-machine interfaces (HMIs), historians and engineering workstations all represent a high risk to organizations. In some cases, where vulnerabilities in critical infrastructure are targeted, operations could be impacted physically, causing safety hazards and even leading to loss of life.

In the crosshairs of geopolitics.

As new threats emerge, businesses may be facing the negative impact of geopolitical tensions and nation-state cyber threats. These cyber-threat actors can take advantage of new capabilities as new technologies enable more sophisticated tactics, techniques and procedures (TTPs) that are focused on OT/ICS environments.

Cyber resilience

According to the US Department of Homeland Security, cyber resilience is meant to ensure that business systems continue to perform mission-critical functions during a cyber-attack. Cyber resilience is particularly important for a subset of critical infrastructures known as lifeline sectors or strategic infrastructures. And it’s not just the US putting extra emphasis on cyber resilience for critical infrastructure.

The EU’s 2016 NIS Directive is continually evolving to enhance cyber capabilities among critical infrastructure. The EU is also preparing to launch the Digital Operational Resilience Act (DORA), which aims to bolster cyber resilience for financial services among the lifeline sectors.

Additionally, the National Cybersecurity Authority in Saudi Arabia has mandated all sectoral regulators to develop sector-specific frameworks to support the country’s cyber security strategy and regulation.

Distinguishing cyber resilience from cyber security

A key point that differentiates cyber resilience from cyber security is that cyber resilience capabilities continue to function even after an adversary has penetrated the security perimeter of a network to compromise cyber assets. Even at the later stages of the cyber-kill chain, cyber resilience can help to prevent adversaries from gathering intelligence on, exfiltrating data from, or taking control of mission-essential systems.

A tailored cyber resilience program can serve the organization post-compromise, along with a handbook designed for achieving cyber resilience outcomes based on a systems-engineering perspective on system lifecycle processes. The tailorable nature of engineering efforts and lifecycle processes ensures that systems that apply cyber resilience design principles are sufficient to protect stakeholders from the loss of key assets and the associated economic and national security consequences. Engineering cyber-resilient systems to combat today’s evolving threat landscape involves the following characteristics that should be considered when designing new systems or enhancing existing ones.

Cyber resilience value at the enterprise level

Due to the inherent complexity and dynamic nature of cyber-resilience techniques, initially deploying and maintaining appropriate cyber resilience can cost more than deploying and maintaining traditional cyber security measures. But despite its higher deployment and maintenance costs, cyber resilience can cost the enterprise less than traditional cyber security measures when assessed on a lifecycle-cost basis, given the ability of cyber resilience capabilities to withstand attacks and ultimately avoid costly enterprise downtime and lost revenues. A sophisticated cyber-attack designed to shut down a critical infrastructure enterprise could paralyze the enterprise for several weeks, rather than just several days with less-sophisticated attacks. Calculating the estimated potential loss of revenue and customers, compared to the cost of implementing cyber resilience design principles and techniques, is what determines whether cyber resilience is cost-effective for the enterprise.

Cyber resilience value at the societal level

Even if a cyber resilience investment does not yield a net economic benefit at the enterprise level, it may still yield an economic benefit at the societal level. Critical infrastructure firms that know that a shutdown of their enterprise would have ripple effects throughout the region in which they operate should be able to make that case to their governments. When an enterprise cannot make the business case for its own cyber resilience, but recognizes how dependent other enterprises are upon it, it can make the business case at the regional societal level.

Courtesy KPMG. Get the full report and PDF here
