Given the current nature of the cyber threat landscape, no organization is immune from becoming the target of cybercriminals. Over the past year alone, we’ve seen companies of all types and sizes, irrespective of industry or sector, fall victim to a cyberattack. While previously, digital sectors such as eCommerce companies were the first on the radar of criminals, this has now shifted towards industrial targets.
By Eduardo Di Monte, Cybersecurity Portfolio Strategic Growth Leader, Rockwell Automation
The reason for this change is that often companies in these industries have not updated or enhanced their cybersecurity processes for a significant period. It’s common for legacy systems to still be using the same security protocols they had when first issued, meaning attacks can quickly and easily interfere with operations. There’s a misconception that cyberattacks are increasing with their sophistication or level of complexity, yet in reality, criminals are using well-established tactics and seeking the easiest, most available opportunities.
To enhance their security posture, leaders need to start prioritizing their cybersecurity systems. This starts with understanding where in the company the most common threats exist.
Protect Your Business-Critical Practices
When it comes to cybersecurity, criminals move faster than companies. Typically, the main goal of an attack is to target a critical business practice and create the biggest impact in the shortest timeframe. If criminals can affect business-critical practices, they can set in motion a chain reaction across many other areas of your business, including supply chains, magnifying the impact and creating knock-on effects.
Criminals aren’t looking to cause momentary disruption; they are attacking you where they know the most damage will be felt. They are targeting your business-critical practices.
Take an oil company as an example. A network attack designed to take down a server that controls oil pumps can, if successful, halt production immediately. This will have an enormous impact on the oil company’s ability to function because it hits at the very core of its business model. These are the critical areas where you need to focus your protection on.
Protect Your Employees
In the modern world, criminals have so many more points of entry through which to attack, given the fragmented nature of company operations. Often, attacks aren’t highly sophisticated or targeted operations; instead, they tend to start as wide as possible before narrowing down to a specific person or endpoint. More often than not, their way in is through unintentional employee mistakes or through unprotected equipment.
Tried and tested techniques, such as phishing, are still a major focus for attacks, with cybercriminals simply targeting the weakest link in a chain and attacking there, quickly. It could be something as simple or obvious as an employee clicking on a link in an email without thinking or working on a machine from home that isn’t secure. These are low-risk and low-cost operations for the attackers, and they have the entire global marketplace available to them.
Protecting your employees is paramount to protecting your business. Encourage your workforce to follow standard protection practices and have systems in place to protect them by offering regular training geared towards improving cyber-hygiene. Simple measures such as these can massively limit your chances of suffering a cyberattack.
Protect Your IT
The more your organization relies on technology, the larger the threat surface you need to defend. When adopting any new software or devices into your business-critical processes, you need to know how you will protect the technology. It’s the companies who adopt new systems without properly securing them first that present the best opportunities to cybercriminals.
With the reliance on digital processes only increasing, companies need to treat cyber the same way they treat legal. Every business is aware of the legal threats they can be victim to; therefore, experts are engaged at every turn to prevent any issues from arising. This same mentality is needed for your cybersecurity.
Your company would never sign a deal, a major merger, or even a standard contract without a lawyer present, and it should be exactly the same situation for your new technologies. To limit the chance of being attacked by hackers, companies should engage with cybersecurity experts and professionals ahead of adopting new technology, just as they would do with lawyers for new contracts. Engraining this mentality into your company can have a dramatic impact on bolstering your cyber-hygiene.
Becoming Harder to Hack
The core concept behind effective cybersecurity is to make it incredibly hard and expensive for criminals to even try to attack you. Simply having an enhanced approach to security embedded across your IT systems from the outset acts as a key deterrent to potential attackers.
A good place for businesses to start is with some form of visibility and detection capabilities while improving the overall speed of response to threats. Get effective cybersecurity solutions in place early and look to dynamically and continually improve them over time. A simple action plan put in place quickly and updated regularly will be more effective at deterring potential attacks than you might initially think.
You can find out more about cybersecurity in manufacturing today from the Management Perspectives cybersecurity playlist – a wealth of resources to help you keep your business safe.