In an era of growing connectivity, cyber threats are intensifying rapidly for companies around the world. And for those tasked with protecting their organizations against cyberattacks, the urgency of building a robust security program is growing in parallel. Threat actors are targeting critical infrastructure as a means of causing maximum disruption in our daily lives – and achieving this aim in the most efficient and expedient manner possible.
To protect our organizations and our stakeholders from these ongoing and always evolving threats, you and your team must make cybersecurity a priority by focusing on the following:
Recent, large-scale cyberattacks have been aimed at critical infrastructure, a trend that experts anticipate will continue to grow. Critical infrastructure sectors include energy, food and agriculture, healthcare and public health, water and wastewater systems, emergency services and financial services, among other sectors deemed vital to the function of the U.S. and the world. They are also often interdependent, so any one attack can have a direct and widespread impact on other sectors.
Cyberattacks on critical infrastructure have grown in both scope and sophistication to the degree that security experts have dubbed them the latest WMDs – weapons of mass disruption. And they’re as pervasive as they are devastating. In December 2021, Gartner predicted that 30 percent of critical infrastructure organizations will experience a security breach by 2025. In light of the current geopolitical climate, we can expect the pace of these threats to intensify.
Earlier this year, the U.S. Cybersecurity and Infrastructure Security Agency issued a warning cautioning organizations of all sizes to prepare to respond to disruptive cyber activity. In addition, U.S. President Joe Biden issued a statement on how the government is actively working to share information and mitigation guidance with critical infrastructure owners and operators.
As threats continue to grow, regulations surrounding cybersecurity will increase. Recently, the U.S. Securities and Exchange Commission voted to unveil a rule to enhance how public companies disclose a breach, and how quickly they must do so following an event.
As a consequence, regulations at the national level will drive organizational investments in cybersecurity. According to Gartner, the demand for security products and services will increase over the next three to five years due to improved awareness, concerns about converging operational technology (OT) and information technology (IT), as well as increasing regulatory pressure.
Manufacturers like Eaton are at a greater risk of cybersecurity attacks than other organizations. Prior to the pandemic, 48 percent of manufacturers surveyed identified operational risks, including cybersecurity, as the greatest danger. With the digital transformation accelerated by the pandemic, the risk to all companies, including manufacturers, has grown exponentially. According to Gartner, attacks increased from fewer than 10 in 2013 to almost 400 in 2020, representing a nearly 4,000 percent increase.
And the attacks gained traction in 2021. According to technology company IBM, manufacturing companies felt the brunt of cyberattacks that year, with ransomware and vulnerability exploitations impacting organizations around the world while further burdening the global supply chain with product shortages and facility closures.
In a recent report, IBM stated that the “IBM Security X-Force observed a 33 percent increase in attacks caused by vulnerability exploitation of unpatched software, a point of entry that ransomware actors relied on more than any other to carry out their attacks in 2021, representing the cause of 44 percent of ransomware attacks.”
The rise in smart factories is one factor driving this disparity. A 2019 Deloitte and MAPI Smart Factory Study revealed several risks associated with these initiatives. While smart factories are driving efficiencies for manufacturers, they can also create vulnerabilities that extend beyond virtual networks and translate into physical scenarios. Smart factory environments expose people, technology, physical processes, and intellectual property. They connect countless pieces of equipment and devices to a single network. So, if one device is compromised, it could open the entire system to any form of attack.
Now, more than ever, manufacturers must understand the growing risks to their organization so they can evolve their cybersecurity strategy accordingly.
Despite the substantial risks, we can prevent cyberattacks from impacting our operations. At Eaton, we have a cybersecurity strategy aimed at the following:
Security is everyone’s responsibility, and each and every one of us plays a critical role in protecting an organization’s information and assets. At Eaton, we’re making significant investments in cybersecurity and defining and executing a holistic cybersecurity program across all our functions, geographies, and environments.
You and your teams can take the following actions to establish a comprehensive cybersecurity response:
Detect connectivity risks: Weak cybersecurity protection in connected products can create serious problems. To defend your network, you must have network visibility, computer and network access, and firewall configuration in place. In addition, penetration testing – or an intentional cyberattack on a computer system – should be conducted to help identify security risks.
Protect against cyber threats: Start by updating your company’s systems and firewalls, regularly running antivirus software, using strong passwords, and using multifactor authentication capabilities where possible (for example, access to applications, banking, or social media accounts). Even with these protections in place, our employees will always be our best defense against cyberattacks. Provide them with the tools and training to prevent an attack or breach before it happens, and when it does, prepare them to swiftly recognize and report it so the right people can respond.
Continue to strengthen system monitoring: Continuous system monitoring is critical to your cybersecurity ecosystem. Your company’s security program should allow you to continuously adapt to emerging threats and risks. Following a breach, review what went wrong with key members of your organization. Use this time to take an in-depth look at your current line of defense and provide ways to improve it.
While these actions do not represent a comprehensive cybersecurity strategy, they do provide some important first steps aimed at developing a comprehensive cybersecurity strategy that is unique to your organization.
To maintain customer and stakeholder safety, we must make cybersecurity a top priority. And since each day brings a new crop of threats for organizations, especially manufacturers like us, the time to begin developing or enhancing our existing comprehensive cybersecurity strategy is now.
Katrina R. Redmond is senior vice president and chief information officer for Eaton, a global power management company. In this role, Katrina is responsible for the enterprise information technology strategy and execution. She joined Eaton in 2021. Prior to Eaton, Katrina worked for Hubbell, where she served as vice president and CIO. Throughout her career, she has guided digital transformations and global e-commerce solutions, and delivered global enterprise system implementations. She has held IT leadership roles at ABB, GE Grid Solutions, GE Industrial Solutions and GE Plastics. Katrina received a Bachelor of Science degree in biology and psychology from the University of Georgia. She later received a Master of Science degree in industrial engineering from the Southern Polytechnic State University. Katrina has served on the GE Women in Technology Board and received a CIO 100 Award in 2013.