How do you protect against Cyber Attack in the age of Industry 4.0? You start by attending the APPMA Business & Industry conference, a virtual and in-person event on 16 September, to hear advice from Deloitte partner for Cyber Risk Advisory, David Owen.
The industrial revolution saw the progressive introduction of technology that largely resulted in removing people from the production process to drive efficiency through automation. Smart factories are essentially the next step in that process that will deliver innovative benefits but also see our dependency on technology rise quite significantly.
Deloitte partner for Cyber Risk Advisory, David Owen is one of the keynote speakers at the upcoming APPMA Business and Industry Conference in Sydney (register here). He will reveal the growing threat of ransomware incidents and the root causes and issues that supply chain leaders, shareholders and boards need to consider to avoid dangerous assumptions.
“Many organisations are embracing digitisation, including converging IT with Operational Technology (OT) and leveraging cloud and Industrial Internet of Things (IIoT) technologies,” he says.
“The pandemic forced many organisations to quickly enable remote access for their OT personnel. These changes result in OT environments being more exposed to increasingly sophisticated cyber threats.
For instance, Owens says, if there is a ransomware attack causing a catastrophic failure, there are many questions production teams need to consider in advance of an attack. They include the immediate safety for workers to remain in the factory or across various sites and how to communicate quickly with internal and external stakeholders.
With integrated systems, have manufacturers considered what other aspects of production the disruption has caused, such as changed use-by dates on packaging, fired off incorrect product codes, barcodes ... and what happens to packaging and production machinery if the factory comes to a complete standstill?
Owens sees resilience as an end-to-end concept and believes organisations need to invest in understanding their system’s ability to withstand and respond to an attack.
“Boards and management are often told to trust, but it is worthwhile to verify and see plans and testing take place and actually go and check they exist and work effectively. Ask lots of questions and go and ‘kick the tyres’ in the engine room if required.
“Assume you are going to have an attack. How are you going to resume services? Have you got the right people available? Do you have a plan? Do your back ups work and where are they stored?” he says.
“A lot of organisations have a large mix of factories across their global businesses. Some sites are very modern and others using outdated machinery and processes. If the discussion is about where to direct investment to help protect against cybersecurity attacks, at some point you need to compare future transformation or building new factories or updating sites with new technology or doing nothing. Do you want greater risk or improved efficiency?”
Owens says not everything is important. “Assess which parts of the process are mission critical and zoom in on those steps first,” he says. Many leaders assume they have ‘back ups’ and that this is an IT issue, but in reality it will be a supply chain issue. “How big are your stock piles if you have an outage? When was your last back up? Do your team conduct back up testing so they can do a full recovery if they have a ransomware attack if all their computers and servers are hit? How isolated and protected are your factory systems from the rest of the organisation?
“We’ve seen situations where an attack has also affected all downstream customers. When TOLL went off the air, lot of businesses who relied on them were affected. Who would be affected if you were attacked?”
DETECTION IS KEY
One of the key areas of focus is detection as the data shows that it takes 201 days on average to identify a cyber breach, giving attackers on average more than six months to prepare and launch their ransomware attack.
It can take less than 35 minutes to ransom an entire network for a large distributed global organisation and 50 per cent of ransomware attacks leverage the supply chain – vendors or contractors.
There is often a ‘dwell time’ between the initial compromise of a network and when the attack strickes.
“The initial entry point might be a phishing email, that persuades the user to log in to a third party site, providing password and username allowing malware to be loaded onto your desktop. Gateways with secure remote access which allow external parties such as overseas based equipment vendors, who connect to access and monitor your equipment can also be a point of entry," he explains.
Two years ago there was a degree of complacency around cyber attacks, but with many high profile businesses being attacked and news of their ransomware payments hitting the media, it is on the radar of leadership, boards and the C-suite.
Another growing issue is cyber insurance where many insurers are retreating from this space and will no longer fund ransom payments.
“It’s a growing legal question, whether it is legal to pay a criminal organisation in Russia with company money?”
Cyber Risk leaders from high profile FMCG companies, Lion and Arnotts are on a panel at the APPMA Business and Industry conference as they see the biggest risk coming from cyber attack on their supply chain. The future may see large organisations implement strict cyber security guidelines, as is happening with sustainability, on their suppliers as a way to manage their risk.
Book now with Early Bird rates until June 30 for the APPMA conference in Sydney on 16 September, to learn more practical tips from David Owens and the panel on Cyber Security.