By Ilan Barda, Co-Founder & CEO of Radiflow
Regardless of what the future holds for the
economy in 2023, your organization's direction, especially its financial
commitment to supporting OT cybersecurity efforts, is being decided now.
At this critical juncture, we see that
cyber-attacks, such as ransomware attacks, showed no sign of slowing down in
2022, impacting companies big and small across North America and Europe. What
we see across industries, as a result, is that cybersecurity teams are tasked
with balancing external threats with internal protocols and federal
requirements, making it more crucial for them to have the resources they need
to secure their connected devices operating in an OT environment.
In the public sector, much of the funding
needed to secure critical infrastructure has already been allocated. However,
in the private sector, funding is far from guaranteed. Here lies the big
question: how do you maximize your efforts, considering the current economic
uncertainty and your need to protect assets?
Weighing your 2023 options
In the private sector, you have three options
in how to proceed with obtaining the budget you need while still providing the
vital support your connected OT equipment needs.
Here are 3 options to consider:
Option 1: Do nothing
If your organization has not yet begun its
digital revolution, you may choose to continue as-is, relying on manual tasks
or machines that have no internet connectivity.
From the board's perspective, if 2023's
financial outlook seems uncertain, perhaps this is not the best time to invest
in the costly modernization of the production lines and the related
comprehensive cybersecurity solution.
In this scenario, it is still important to
note that any connected device, from large machinery to small IoT devices, must
be secured. One hacked network device provides access to all other devices that
have trusted the same network. So, make sure that you review your existing
architecture and verify that the required cybersecurity controls are in place.
Option 2: Full steam ahead
Will holding back the tide of your digital
transformation actually cost your organization money? After all, the reason you
digitized in the first place was to streamline processes, making more room for
profit-generation operations, such as greater production or significantly lower
operating and utility costs. For example, the ROI on deploying energy-saving
IoT solutions has become even clearer as energy prices have dramatically increased.
To those who decide to proceed with their
digital transformation plans, I recommend that you do so with caution.
Consider:
- Automation expands the cyber perimeter. Make sure that you deploy OT-specific cybersecurity tools that can allow you to protect your cyber perimeter and detect any anomalies in the internal OT network without impacting the operation.
- Optimize cybersecurity
  a. Run OT-BAS (Breach and Attack Simulations) to understand what has a higher priority to defend. This is ideal if you have the budget and can hire an in-house team.
  b. Identify the business impact of each vulnerability and then prioritize your security controls according to the tolerable business risk.
Option 3: Make more with less
Across industries, we have witnessed strong
pressure from boards and C-level executives to reduce costs throughout their
company, keeping only what is mission critical.
Whether you are operating some connected
legacy devices or are in the midst of your organization's digital revolution,
consider if some parts of your digitization can be held off for the time being.
Can the digital revolution be delayed, considering that:
- Fewer connected devices and sensors mean a smaller perimeter to protect, since there are simply fewer devices to hack.
- Cybersecurity as a Service: Instead of purchasing OT cybersecurity tools and struggling with their deployment and operation, outsource it as a service (MSSP). Here, the costs are lower, and your commitment is relatively short. At the same time, you have to weigh that an internal team will be needed sooner rather than later, and when a team is kept in-house, so is the knowledge.
Cybersecurity is no luxury
Ultimately, cybersecurity is a non-optional
investment. What was once a luxury is now a must-have, demanded not only by
your board but by multiple federal agencies as well.
Both your CEO and the board know it's needed,
but that doesn't mean you won't be expected to justify your budget. Be prepared
to answer what's in your network and where the weaknesses are, and to present a
clear roadmap for how to prioritize, fix, and secure your network. Make it painfully obvious.
Be prepared to break it down piece by piece as it relates to business goals.
Don't assume they understand the task at hand or the urgency.
Ultimately, understanding your department's
critical needs and aligning them with your company's roadmap is the only way
for the board, C-level executives, and your team to be aligned. This alignment
goes beyond the budget. You'll be aligned on what it takes to actively protect
the investment that has streamlined processes and allowed the digital
revolution to pave a path to a thriving business.
## ABOUT THE AUTHOR
Ilan Barda, the founder of Radiflow,
is a Security and Telecom executive with 20 years of experience in the
industry. Ilan has deep expertise in developing secure communication
equipment from his service in the Information Security division of the IDF.