Anyone watching the news can see that cybersecurity management is becoming increasingly relevant for industrial companies. Recent analysis performed by insurance carriers indicates that the incidence of cyberattacks faced by manufacturing companies is 30 times higher than it was in 2012. For technology companies, it has risen by a factor of 20. Just within the last year, iconic companies from practically every major industry have been breached, whether that was X-FAB in semiconductors or Honda in the automotive sector.
While this has been happening over the past half decade, both the number of cybersecurity vendors and cybersecurity technologies have mushroomed, with companies spending more to defend against threat and investing significant capital into research and development. So why are we still seeing exponential growth and, perhaps more importantly, success in industrial cyberattacks?
According to Pranav Patel, CEO of ResiliAnt, an industrial cybersecurity brand, and MediTechSafe, a health care cybersecurity brand, cybersecurity maturity is the next frontier organizations must focus on. This essentially comes down to cybersecurity management, and it can follow the path of other critical business levers, such as growth, productivity, quality or safety.
“You probably know about 72% of attacks in manufacturing involve some sort of human factors, such as error, misuse or theft,” Patel said. “Let’s take an example: If you have an employee who you needed to work on some sensitive project, you probably provide him or her access to the sensitive information. Now the question around maturity is: When the project is over, have you revoked his or her access?”
Maturity, Patel said, can hinge on a number of factors like this. For example, if you have a firewall, is it configured well? You may have a patch management program, but what’s the duration between patching cycles? Similarly, what is your password management policy? Do people use default or weak passwords?
Many tend to brush off the importance of this kind of maintenance, trivializing it in comparison to the big, fancy technical solutions available. But technology, and the information technology (IT) department, where most of the responsibility tends to fall, are not the end-all, be-all.
“Choosing what controls, technology, tools you put in place, it’s about strategic excellence, and that happens in a lot of ways,” Patel said. “But maturity is about operational excellence, to get the most out of what you have.”
Having a robust strategy, building engagement and realizing operational excellence takes organization, and that starts at the highest levels. There needs to be buy-in from top to bottom, so the importance of cybersecurity and protecting against threat becomes an essential piece of a company’s DNA.
For Part 2 of our interview with Pranav Patel, he will discuss what industrial organizations need to do to achieve maturity. And watch for future installments from our expert interview series in the coming weeks.
Increasing Industrial Cybersecurity Threat: CEO Interview Series, John Livingston, Verve Industrial
Cyberattacks on SolarWinds and Oldsmar: CEO Interview Series, John Livingston, Verve Industrial