We heard from pros in water/wastewater, manufacturing, energy, food & beverage, energy and a few other industries.
Q: If your organization had a cybersecurity event today, do you have an incident response plan that identifies the people to notify and what to do?
Cybersecurity threats evolve over time. An attack can spread as an adversary moves laterally through a network in search of sensitive client data, intellectual property and administrator-level credentials.
The more efficiently your team executes a response plan, the more quickly it can isolate affected systems and reduce the cost of a breach. The average cost of a data breach in 2021 topped $4.24 million, an amount that could be cut by 50% or more with the right mitigation measures in place, the Ponemon Institute reports.
A third-party cybersecurity assessment can map out a response plan — a combination of automated and in-person interventions — that’s appropriate for your organization and aligns with your industry’s best practices and regulatory requirements. Learn more about GrayMatter's cyber assessments in a one-on-one cyber briefing.
Q: When is the last time your organization mapped its network of connected assets and how they communicate?
Organizations should be analyzing network maps and connections, or topology, regularly. It’s hard to protect what you can’t see.
“Without a proper network topology, you can’t place the right controls and protections around your most critical and vulnerable OT assets, which might be unpatched PLCs or sensors on Level 1 of your network, but could also be legacy operating systems running on workstations,” says GrayMatter Cybersecurity Practice Director Scott Christensen.
Network segmentation based on the responsibilities of network assets mapped during an assessment allows organizations to calibrate their protections and make it difficult for a vulnerability that impacts one network level to affect other levels. Solutions like deception technology offer more protection by creating decoy assets and preventing IP addresses, nations and apps from interacting with a company’s ICS environment.
Q: Do you have documentation of the cybersecurity tools your company uses, potential vulnerabilities and overall risk profile?
Government regulation is changing OT cybersecurity. There’s a constellation of rules that already require (or could soon require) industrial organizations to conduct a cybersecurity assessment, report “significant” cybersecurity incidents or implement protections.
For example, the Strengthening American Cybersecurity Act, which passed unanimously in the Senate in March 2022, proposes to require companies to report cyber incidents within 72 hours and ransomware payments within 24 hours to CISA, the Cybersecurity Infrastructure Security Administration.
Documentation of a company’s cybersecurity tools, remote access points and users and potential threat vectors is crucial to meeting reporting requirements in a timely manner, and they’re a key part of an assessment from GrayMatter.
“If you’re in one of the critical categories — critical manufacturing, critical infrastructure, water power, all those — some level of regulation is either on you or coming your way,” said Scott Christensen, GrayMatter’s Cyber Practice Lead.
As industrial companies and utilities connect more systems through digital transformation, they introduce new risks to their environments. GrayMatter’s Cyber offering is built around mitigating those risks. Schedule a customized cyber briefing to get started.