Organizations need to reconsider their strategy for cybersecurity to protect themselves from attacks before insurance ever gets involved.
By Allen Jenkins, VP of Cybersecurity Consulting at InterVision
The average ransomware breach cost $4.62 million in 2021 – up 10% from the previous year – and lasted 287 days, according to IBM’s Cost of a Data Breach report. This stat reflects a hard truth cybersecurity professionals have now accepted: Cyber threats are quickly becoming more advanced, dangerous and expensive. The question is: How can manufacturing professionals adapt to meet these rising challenges – not only to resolve a threat but to prevent one?
For years, professionals from various industries have adopted cyber insurance programs to aid with damage control in case an attack occurs. Unfortunately, “in case” is no longer an applicable mindset. Cyberattacks are not a possibility but an inevitability. And as we see cybercriminals adopt an array of increasingly advanced techniques using AI, machine learning and the Internet of Things (IoT), organizations must adapt, too.
To efficiently protect assets and revenue in 2022, manufacturing decision makers will need to prioritize a full-scale cybersecurity program that includes threat response as well as detection and prevention programs. Here’s how.
Prioritize preventative strategic services
As malware advances and phishing tools evolve, the cyber risk landscape becomes increasingly fraught. Luckily, IT professionals have access to the same evolving software as ransomware agents. Manufacturing decision makers looking to remain more agile than incoming cyber threats should consider implementing new technologies sooner rather than later.
Robust data security programs include Security Information and Event Management (SIEM) solutions that proactively empower IT professionals to identify and eradicate risk factors. SIEM improves visibility by automating data collection and compiling insights into a unified dashboard, resulting in quicker analysis and actionable recommendations for organizational improvement. Machine learning enables SIEM software to improve constantly as the system absorbs information from an organization’s data flow. That’s good news for ransomware protection: Last year, organizations with mature security AI or automation deployment resolved cyber threats 27% faster than their manual competitors.
Effective cyber response programs also employ Endpoint Detection and Response (EDR) solutions that protect multiple access points during the data lifecycle – a critical need as organizations expand into remote and hybrid environments. Although the challenge of multiple endpoints may seem like old news for manufacturing professionals, modern ransomware advancements make vigilance in handling this data especially crucial. Data should always be protected using zero trust security parameters like Single Sign-On (SSO) and Multi-Factor Authentication (MFA).
For complete confidence in enterprise network and business systems security, businesses may need to consider a third-party Ransomware Protection as a Service (RPaaS) solution. The right RPaaS vendor will provide data system protection via zero trust security as well as 24/7 monitoring and maintenance through Security Operations as a Service (SOCaaS) offerings.
Enhance cybersecurity response measures
Data breaches that last more than 200 days cost an average $1 million more than breaches lasting sub-200 days. Cyber insurance options alleviate some of these costs, including business disruption, revenue losses, data subject notification and legal fees, but cannot cover most of the lost expenses. That’s where Ransomware Response as a Service (RRaaS) tools come in.
RRaaS combines Disaster Recovery as a Service (DRaaS) and Backup as a Service (BaaS) offerings into one unified solution that expedites cyber threat identification and containment. Instead of retroactively addressing the financial losses of a ransomware breach, RRaaS tools address the root of the problem and create a more efficient recovery process, resulting in fewer out-of-pocket costs. Proven solutions offer 24/7 recovery for service disruptions and integrate security backups early in the data’s lifecycle, leading to a quicker resolution when an attack occurs.
To ensure the right product selection, check for services that offer immutable backups and MFA protocols. These safeguards ensure that files cannot be altered or accessed by unauthorized individuals. Finally, prioritize tools that rely on air gapping and 3-2-1 backups for Industrial Control Systems (ICS). Air gapping measures store file backups on separate servers so that a single outage won’t affect protected data.
Invest in risk intelligence and security awareness
Employee error still accounts for almost 90% of data breaches, according to a 2022 Stanford study. The only way to successfully combat human error is to reinforce proper cyber hygiene.
First, accept that errors will occur and communicate this expectation to employees. When an employee believes their mistake is silly or could face punitive action, they’re less likely to come forward, leading to a longer threat identification timeline. Furthermore, employees are more inclined to notice malicious emails and documents when warned that phishing attempts will occur. A successful risk intelligence campaign spreads education about phishing patterns and advises employees to remain robust in their credential confidentiality. Conduct security awareness campaigns frequently so employees keep pertinent information top of mind.
Research from Deloitte indicates nearly 50% of manufacturing executives lack confidence that their data and information systems are protected. Clearly, cyber insurance is no longer enough. To address the industry’s gap in ransomware preparedness, manufacturing professionals must assess their ICS protocols and implement a cohesive security plan that considers threat response, protection and, most importantly, prevention.
About the Author
Allen Jenkins is the Chief Information Security Officer and VP of Cybersecurity Consulting at InterVision, a leading IT strategic service provider and Premier Consulting Partner in the Amazon Web Services (AWS) Partner Network (APN).