The Business Case for Protecting the Crown Jewels from Cyber Threats

January 2022
IT in manufacturing

Mission-critical assets are known as the “crown jewels”. These are high-value assets that would cause the most business disruption if compromised. Anything of value attracts the attention of criminals and it’s no different in cyberspace. Information technology systems and data are an important part of an organization’s crown jewels. These may include trade secrets, intellectual property, company or customer data, and operational and financial systems.

Organized cybercrime is the biggest threat and is a lucrative and growing business. Common threats are ransomware, data breaches, malware, and phishing. The impact of cybercrime in 2021 is estimated at $1 trillion. A major ransomware group, REvil, was recently dismantled by Russian authorities.(1)

Many organizations have the basics in place but lack a formal framework to manage and mitigate cyber risk. In some cases, key areas are overlooked and there is no effective visibility of key cybersecurity measures. This leaves the “cyber doors” wide open and makes these organizations an attractive target.

The costs of recovering from physical or cyber incidents can be higher than the cost of preventing such events. These costs are quantifiable, but damage to reputation and to the trust of customers or shareholders is difficult to assess and can last a long time. The costs of a data breach can run into the millions. This includes the costs of detecting a breach, business interruption, lost revenue due to downtime, lost customers and the acquisition of new customers, breach notification and response activities.(2) Employee safety is non-negotiable, but can be compromised by cyber threats to operational technology.

Physical or real threats such as burglary, vandalism, fires and floods are well understood. Money is spent on fencing, alarms, security guards, fire detection and suppression. This protects physical assets against potential business interruptions, loss of revenue, customer trust, and even business closure in extreme cases.

The same due diligence should be applied to protect high-value logical assets or virtual crown jewels.

The Financial Sector Conduct Authority (FSCA) today acknowledged the risks in South Africa: “The greatest challenge for every institution today is the frequency and sophistication of targeted cyberattacks, with perpetrators continually refining their efforts to compromise systems, networks and information, globally. Cyberattacks have targeted critical infrastructure and strategic industry sectors such as the financial sector.”(3)

The South African Information Regulator takes data breaches seriously and the PoPIA (Personal Information Protection Act) provides for a fine of up to R10 million or imprisonment of up to 10 years.

According to the World Economic Forum: “Cyber risk is a systemic challenge and cyber resilience a public good. Each organization acts as a custodian of information it manages on behalf of others. And each organization contributes to the resilience not only of its immediate customers, partners and suppliers, but also of the shared digital environment as a whole.”

Wolf Pack Information Risk(4) recommends the following nine-step action plan:

1. Make cybersecurity a business priority with a clear vision and accountabilities. Cyber resilience is a leadership issue. The board has ultimate responsibility for cyber risk oversight and resilience.

2. Establish strong and robust processes to manage cyber risks.

3. Identify critical information assets or crown jewels – understand which key business areas (processes, people and technology assets) are at risk.

4. Conduct a cyber risk assessment using a state-of-the-art framework covering cybersecurity, privacy and resilience. Assess the main adverse threats to the crown jewels.

5. Determine and implement the most appropriate method to protect the crown jewels. Build a prioritized roadmap for adopting cybersecurity fundamentals to preserve the confidentiality, integrity, and availability of data and IT systems.

6. Strengthen internal skills to maintain cyber resilience capacity and be sufficiently prepared to deal with cyber threats.

7. Initiate a change in employee mindset to enable a culture of continuous improvement of safety in all aspects of business processes through continuous awareness training.

8. Monitor effectiveness and make appropriate improvements as needed – undertake systematic testing and assurance regarding the effectiveness of security controls. Penetration testing and third-party vendor risk assessments are examples.

9. Prepare for incident response and notification of significant cyber incidents to regulated entities or authorities.

Taking steps to prevent cybersecurity incidents will provide the following business benefits:

• Build customer loyalty and trust by demonstrating that you value their business and data.

• Ensure the sustainability of operations, financial stability and competitive advantage.

• Protect the interests of shareholders.

• Provide a holistic approach to minimize the risk of business interruption and financial loss.

• Improve visibility of cybersecurity posture and maturity.

• Demonstrate due diligence by being aware of potential risks and implementing appropriate controls.

• Demonstrate good governance and avoid potential liability claims.

• Provide evidence that appropriate action has been taken. This is essential in the event of a cyber-break-in.

• Reduce cybersecurity insurance premiums.

Please contact me to share your thoughts, if you’ve been hacked or need help – [email protected] or https://alertafrica.com. You can also report violations to the National Computer Security Incident Response Team (CSIRT) at [email protected]

Here are some resources used or referenced in this article:

(1) Reuters, January 2022, Russia suppresses hacking group REvil at the request of the United States – FSB, https://www.Reuters.com/technology/russia-arrests-dismantles-revil-hacking-group-us-request-report-2022-01-14/

(2) IBM Security and the Ponemon Institute, 2021, Cost of a Data Breach Report 2021, https://www.ibm.com/security/data-breach

(3) https://www.fsca.co.za

(4) www.wolfpackrisk.com


