Manufacturing, energy and industrial sectors are witnessing a paradigm shift as chief information security officers (CISOs) take on the added responsibility of safeguarding both enterprise IT infrastructure and operational technology (OT) environments. With increasing connectivity between production facilities and company networks, there is a heightened risk of cyber incidents and ransomware, emphasizing the potential impact on production downtime, margin reduction, order delays and regulatory concerns.
CISOs now inherit the added responsibility of securing the enterprise IT infrastructure and OT/industrial controls systems (ICS) environment in production facilities that are increasingly connected to company networks and internet for productivity improvement, operational excellence, production reporting and remote maintenance. This connectivity of applications and infrastructure increases the risk of exposure to cyber incidents and ransomware.
If IT/OT systems are targeted by threat actors or ransomware, their disruption can quickly lead to production downtime, margin reduction, delays fulfilling orders and reliability, as well as safety or regulatory concerns.
Many manufacturers are early adopters of technology to improve operations, driving increased connectivity between OT and corporate networks and cloud applications. This is both a benefit and a bane. While operations excellence and overall equipment effectiveness (OEE) are improved, pathways (aka initial access vectors) into OT are increased, as are dependencies between IT and OT.
Manufacturing execution systems (MES) are generally located on corporate networks separate from OT manufacturing systems. But when there are application dependencies between them (e.g., label printing, recipes, schedules), an isolated OT system doesn’t matter anymore.
Ransomware on the corporate network can disrupt manufacturing without spreading to OT networks. A critical technology dependency is interrupted, or the production operations are shut down out of concern for caution or even uncertainty.
According to the ICS-STRIVE incident database, almost half of incidents in the past 10 years were in manufacturing. Recent ransomware incident data in 23Q4 from Dragos provides further evidence that the rate of ransomware affecting ICS/OT in manufacturing has risen over 65%.
Manufacturing is vital to society. It is the food we eat, the components in our technology, the medicines we need, the boxes they ship in and so much more. With highly integrated and just-in-time supply chains, small disruptions due to cyber incidents have immediate and lasting effects, as evidenced by the supply chain issues during the pandemic.
CISOs and chief financial officers must develop the practice of quantifying their cyber risk in monetary terms and evaluate the ROI of mitigation strategies to drive effective decisions on cybersecurity investments that can thwart the current wave of ransomware attacks.
Conventional approaches, which involve assigning a criticality rating to a cyber asset or system and evaluating the severity of vulnerabilities, often fall short in persuading financial decision-makers. The prevalent scenario entails organizations seeking funds for cybersecurity projects by emphasizing the urgency of remediating high-severity vulnerabilities in highly critical systems. However, this approach neglects a crucial component: the financial repercussions of inaction—specifically, the probable financial loss in the event of a cyber incident today.
The transformational key lies in bridging this gap by quantifying cyber risk in monetary terms. By demonstrating that an investment of X amount can substantially reduce the probable loss by Y, organizations can create a solid foundation for cyber risk quantification and management.
This shift from a purely technical justification to a more financially oriented perspective not only enhances the case for cybersecurity investments but also aligns strategic decision-making with tangible financial outcomes.
Connect With Us
