Cybercrime forces companies of all sizes in almost every sector to take stock but, for those organisations that we referenced in an earlier post that make up our critical national infrastructure, the threat of a cyber attack has serious repercussions that reach far beyond the disruption to the individual business. Yet we all depend on the reliable functioning of our critical infrastructure – and to some extent we take it for granted that it will always be there for us.
The risk of a cyber attack is not going away and critical systems such as SCADA and ICS are becoming more vulnerable to attack. A first step in controlling risk is to understand your current risk exposure across all areas of the business and prioritise areas on which it is critical to focus. As these networks are extremely complex and often use proprietary hardware, it is vital that assessment and testing is conducted by specialists who fully understand the intricacies of control networks.
As part of a move towards gaining greater insight into security risks, organisations need to take these steps:
- Evaluate their risk exposure in the context of commercial objectives
- Place current exposure in the context of industry best practice
- Define remedial actions, activities and a longer term strategic roadmap
- Communicate the strategy to key stakeholders across the business
- Repeat the process regularly in order to make more informed decisions and to drive down incidents
The last thing that any organisation wants is to make the headlines following a security breach. The damage to a company’s reputation can be huge, as can the financial and remediation costs. In fact, according to our new global Risk:Value report, a business would have to spend $1.35m on average to recover from a breach. It also reveals it would take, on average, 74 days to recover from an attack.
It is not a case of if it will happen, but when, so it is essential to have a mature, detailed incident response plan, and a starting point for this is good risk insight and a comprehensive real-time view of network activity. Timely incident response is imperative following a breach and many organisations do not have spare resources waiting to leap into action when an incident happens.
Having the right incident response partner to provide the right resources to help the organisation return to business as usual as quickly as possible should a breach occur, is crucial.
Understanding risk exposure, preparing an incident response plan and continuously monitoring and managing risk in your organisation takes time and expertise. You may not have these skills in-house, or you may have tried and failed to recruit people with the right skills – there’s a growing global skills shortage in this sector that will take years to improve.
Many organisations look to outsource these critical functions to reassure themselves that systems are monitored around the clock and experts are on hand to provide essential advice and support when needed.
What is clear is that critical infrastructure and industrial plant control systems are coming under scrutiny from both attackers and defenders. It’s important for every organisation to recognise where it’s at in its own cyber security efforts and where improvements can be made, in order to identify and deal with weaknesses in their infrastructure.
Much is being done to create frameworks and draft legislation. But this will not be enough unless the industry takes control of the problem and finds ways to reduce the ever-present threats. We will get better at identifying, locating and penalising the bad guys to deter the majority of attacks. Until that day, business needs to remain vigilant to protect its own assets.