By Gregory Hale
It is now mid-year report season as multiple organizations continue to show they are on top of their game and cybersecurity issues remain at fever pitch for manufacturing companies in multiple sectors across the globe.

In those reports we learn ransomware is up, costs of data breaches continue to skyrocket, hacktivists continue to target energy and manufacturing sectors, a huge number of companies do not feel they have proper protection against malware and cyberattacks from file uploads, VPN connectivity remains a nightmare and Common Vulnerabilities and Exposures (CVEs) continue to plague the industry.

We also know the Cybersecurity and Infrastructure Security Agency (CISA) released a three-year plan to show everyone where it stands and how it is going to help federal agencies, private sector critical infrastructure organizations, and companies from all sectors. Its Cybersecurity Strategic Plan provides a blueprint to address immediate threats by making it difficult for adversaries to target networks; harden the terrain by adopting strong practices for security and resilience; and drive security at scale by prioritizing cybersecurity as a fundamental safety issue and asking more of technology providers to build security into products.

Framework Facelift
In addition, the NIST Cybersecurity Framework is getting a facelift as version 2.0 is now hitting the street. The framework’s scope expanded from protecting critical infrastructure, such as hospitals and power plants, to providing cybersecurity for all organizations regardless of type or size.

Until now, the framework described the main pillars of a successful and holistic cybersecurity program using five main functions: identify, protect, detect, respond and recover. NIST has now added a sixth, the govern function, which covers how an organization can make and execute its own internal decisions to support its cybersecurity strategy.

On top of that, the Securities and Exchange Commission (SEC) passed a new rule saying public companies must now disclose within four days all cybersecurity breaches that could affect their bottom lines. The new rules also require publicly traded companies to annually disclose information on their cybersecurity risk management and executive expertise in the field. The idea is to protect investors.

Through all of this, we know from another report, the ICSSTRIVE (a sister publication of ISSSource) and Waterfall Security Solutions 2023 Threat Report, that cyber attacks that have an effect on operations are on the rise. For last year, ICS STRIVE reported on 218 incidents, 57 of which were attacks that ended in physical consequences. While that may seem like a small sampling, keep in mind these are only the incidents that were publicly reported.

Advance Security Program
In the end, what is blatantly obvious, and what all these reports are getting around to saying, is that attacks are on the rise and will continue to increase if the industry remains the low-hanging fruit for attackers. Companies need to advance whatever security program they have and get out from behind the eight ball.

The following are some basic best practices to stay ahead of attackers:

  • Fight to remain resilient
  • Understand your risk equation
  • Understand your likelihood and the consequence of an attack
  • Get specific OT training
  • Re-evaluate your system
  • Increase visibility
  • Take stock in what you have on your system
  • Understand what is talking to what
  • Create a culture of collaboration
  • Communicate

As industry experts continue to learn, companies are at various levels of security deployment. Astonishingly enough, a huge number of firms are just starting out, others have programs underway, and still others, though not enough, are at a more advanced stage.

No matter where you are, it is time to advance your security program and remain protected and resilient because whether you are a small-, medium- or large-sized company, attackers are out there, and they are coming.

Are you ready?