Virtualization Technology News and Information
Article
RSS
What to Consider When Budgeting for 2023's OT Cybersecurity Needs and Wants

By Ilan Barda, Co-Founder & CEO of Radiflow

Regardless of what the future holds for the economy in 2023, your organization, especially its financial commitment to supporting OT cybersecurity efforts, is being decided now.

At this critical juncture, we see that cyber-attacks, such as ransomware attacks, showed no sign of slowing down in 2022, impacting companies big and small across North America and Europe. What we see across industries, as a result, is that cybersecurity teams are tasked with balancing external threats with internal protocols and federal requirements- making it more crucial for them to have the resources they need to secure their connected devices operating in an OT environment.

In the public sector, much of the funding needed to secure critical infrastructure has already been allocated. However, in the private sector, funding is far from guaranteed. Here lies the big question, how do you maximize your efforts, considering the current economic uncertainty, and your need to protect assets?

Weighing your 2023 options

In the private sector, you have three options in how to proceed with obtaining the budget you need while still providing the vital support your connected OT equipment needs.

Here are 3 options to consider:

Option 1- Do nothing

If your organization has not yet begun its digital revolution, you may choose to continue as-is, relying on manual tasks or machines that have no internet connectivity.

From the board's perspective, if 2023's financial outlook seems uncertain, perhaps this is not the best time to invest in the costly modernization of the production lines and the related comprehensive cybersecurity solution.

In this scenario, it is still important to note that any connected device, from large machinery to small IoT devices, must be secured. One hacked network device provides access to all other devices that have trusted the same network. So, make sure that you review your existing architecture and verify that the required cybersecurity controls are in place.

Option 2- Full steam ahead

Will holding back the tide of your digital transformation actually cost your organization money? After all, the reason you digitized in the first place was to streamline processes, making more room for profit-generation operations, such as greater production or significantly lower operating and utility costs. For example, the ROI on deploying energy savings IoT solutions has become even clearer as energy prices dramatically increased.

To those that decide to proceed with the digital transformation plans, I recommend that you do so with caution. Consider:

  1. Automation expands the cyber perimeter. Make sure that you deploy OT-specific cybersecurity tools that can allow you to protect your cyber perimeter and detect any anomalies in the internal OT network without impacting the operation.
  2. Optimize cybersecurity
a. Run OT-BAS (Breach and Attack Simulations) to understand what has a higher priority to defend. This is ideal if you have the budget and can hire an in-house team.
b. Identify the business impact of each vulnerability and then prioritize your security controls according to the tolerable business risk.

Option 3- Make more with less

Across industries, we have witnessed large pressure from boards and C-level executives to reduce costs throughout their company, keeping only what is mission critical.

Whether you are operating some connected legacy device or in the midst of your organization's digital revolution, consider if some parts of your digitization can be held off for the time being. Can the digital revolution be delayed, considering that:

  1. Fewer connected devices and sensors mean a smaller perimeter to protect since there are simply fewer devices to hack.
  2. Cybersecurity as a Service- Instead of purchasing OT cyber-security tools and struggling with their deployment and operation, outsource it as a service (MSSP). Here, the costs are less, and your commitment is relatively short. At the same time, you have to weigh that an internal team will be needed sooner than later and when a team is kept in-house, so is the knowledge.

Cybersecurity is no luxury

Ultimately, Cybersecurity is a non-optional investment. What was once a luxury is now a must-have, not only by your board but by multiple federal agencies as well.

Both your CEOs and the board know it's needed, but that doesn't mean you won't be expected to justify your budget. Be prepared to answer what's in your network, where the weaknesses are, and a clear roadmap on how to prioritize, fix, and secure your network. Make it painfully obvious. Be prepared to break it down piece by piece as it relates to business goals. Don't assume they understand the task at hand or the urgency.

Ultimately, understanding your department's critical needs and aligning them with your company's roadmap is the only way for the board, C-level executives, and your team to be aligned. This alignment goes beyond the budget. You'll be aligned on what it takes to actively protect the investment that has streamlined processes and allowed the digital revolution to pave a path to their thriving business.

##

ABOUT THE AUTHOR

Ilan-Barda 

Ilan Barda, the founder of Radiflow, is a Security and Telecom executive with 20 years of experience in the industry. Ilan has deep expertise in developing secure communication equipment from his service in the Information Security division of the IDF.

Published Thursday, January 12, 2023 7:34 AM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<January 2023>
SuMoTuWeThFrSa
25262728293031
1234567
891011121314
15161718192021
22232425262728
2930311234