How can enterprises develop a robust cybersecurity program?
Today, the need for companies to implement a robust cybersecurity program is greater than ever. Nevertheless, a whitepaper from ABB suggests that many organisations are failing to employ basic measures to protect control systems.
Failing to implement basic security
According to the report, thousands of systems are in operation despite lacking basic security controls. In fact, "cyber experts are still struggling to convince senior management to spend money to protect their control system assets."
Meanwhile, the WannaCry and NotPetya malware have reportedly "wreaked havoc" in companies with older Microsoft Windows operating systems, because these systems failed even a basic entry-level cybersecurity test.
It is therefore crucial that enterprises keep their systems up to date with the latest cybersecurity tools. Failure to do so could result in financial loss, decreased productivity, and reputational damage.
Developing a robust cybersecurity program
In order to develop an effective cybersecurity program, investing in the basics is key. As the report states, companies need to first and foremost identify what assets they want to protect.
Determining how to protect those assets is vital, while enabling intrusion detection and monitoring is also important. Next, organisations must define incident response processes and procedures, and verify the mechanisms used to restore and recover assets.
Finally, it is crucial to ensure compliance with all regulatory standards set by local governing bodies. In effect, companies must follow six steps: "identify, protect, detect, respond, recover and comply."
For example, implementing a firewall to separate a control system from a corporate network is useful. Without an inventory of critical assets and applications, however, companies may remain vulnerable to risks from employees and contractors who use laptops and removable media.
ABB thus recommends developing strong security policies and practices, while also mapping out a three-to-five-year plan to achieve security maturity. In order to execute the initiative, leveraging IT and OT teams is vital, but it is also worth seeking out OT suppliers who can offer comprehensive cybersecurity services.
When it comes to cybersecurity threats, organisations need to make sure they can continue to operate successfully in the face of growing threats.