Above: Image by Andreus/DepositPhotos
Earlier this year, there were three instances of cyberattacks which made global headlines.
Forbes reported in May that a ransomware attack crippled the largest fuel pipeline in the US leading to massive gas shortages across eastern parts of the country.
The following month, the New York Post reported on the ransomware intrusion into the essential operating system of the world’s largest meat supplier.
Across the pond, the Financial Times reported that Ireland’s HSE (Health Service Executive) was compromised, shutting down IT systems at hospitals.
What were the consequences? A missed medical appointment, a long line to get gas, hike in meat prices, a transportation shutdown. What seemed inconsequential, was critical to someone’s life.
However, these are not unique instances. Look at what happened to countries in this part of the region. FortiGuard Labs, a threat intelligence platform, noted during the first six months of 2021, the Dominican Republic received 196 million attempts at cyberattacks. And according to Fortinet, another cybersecurity company, Puerto Rico suffered more than 187 million attempted cyberattacks in the first half of 2021.
How to manage cybersecurity risks
“Taking a single, holistic approach to cybersecurity to improve the way companies detect, mitigate and respond to cybersecurity threats throughout their lifecycle is challenging. From an individual perspective, due to an aging workforce, COVID-19, and other factors, many companies simply do not have the skills, resources, or budget to train their existing staff or the cyber-informatics experts on it. In addition, they may lack the technical experience necessary to select, implement and maintain their cybersecurity applications,” said Héctor Martínez, Telco and Cloud Account Manager for the Caribbean in Schneider Electric.
“In the same way, the processes are often complex and complicated and are often not fully documented, audited or followed up accordingly. It is also challenging to review and update them regularly, which is especially true when there is a wide range of legacy operating systems on site and a constant need to adhere to multiple industry standards and regulations,” he added.
And technology is definitely a problem. Many large companies struggle to maintain the complex mix of security systems, networks, and applications they have installed from different vendors, some of which run on different platforms. This is expensive and time consuming, and limits your ability to adapt to the dynamic nature of the cybersecurity environment.
So how can companies, regardless of size and age, manage cybersecurity risks without jeopardizing their convergence of IT / OT and digital initiatives?
- Establish a cultural mindset that embraces cybersecurity
Integrate cybersecurity into the life cycle of employees. From hiring and onboarding to employee development and succession planning, education, awareness and training – all are critical. By holding everyone, anywhere, accountable for cybersecurity, employees can move from simply performing their traditional tasks to acknowledging that implementing and adhering to good cybersecurity practices are now part of their core responsibilities.
- Implement security controls that align with best practices and standards
When it comes to the technology already have in place, always make sure things like network segmentation, endpoint protection, central authentication, central patch management, and other good practices are in place. Backup infrastructure should be regularly maintained and tested. Also, consider things like intrusion and anomaly detection, use of allowed/ blocked lists, and memory-based protection for the host system.
- Choose the right solutions for your unique environment
Cybersecurity is not a one size fits all solution. Work with suppliers to understand exactly what is needed. For example, cybersecurity consultants at Schneider Electric recently helped a customer implement a solution that was perfectly suited to their unique environment. The client was struggling to find a simple and effective way to understand and manage their cybersecurity threats. They considered implementing a complex information and security event management system, but it would have been costly and time consuming.
Also, it was too much for what they really needed. After consulting them, we provided a simpler and more scalable solution for targeting priority assets and risks, with a console to visualize risks. Plus, it being a scalable solution, allows them to expand as their environment changes and grows, meaning they can keep up with the changing dynamics of cybersecurity.
