Cyber Risk
With cyber risk growing in prevalence and sophistication, cyber security has become a necessity for commercial, industrial and even residential applications. It has become necessary to protect our businesses, workplaces and our supply chains. While addressing the problem can seem daunting, many solutions are actually easy to deploy, have no negative impact on your operations and are inexpensive. Some simple measures can go along way toward managing your cyber risk exposure.
Financial Impacts
High profile cyber attacks are occurring with regularity in recent years with the Colonial Pipeline incident recently leading headlines. The majority of attacks are financially motivated. Less sophistication is required and there are many applications available on the dark web for purchase to disrupt the operations of industrial or commercial clients. An attacker does not need to know the inner workings of your business. All they know is that you would like to keep it running uninterrupted and you may pay a ransom to do so.
Safety Impacts
Cyber attacks are also conducted with the intention of causing societal disruptions. A water treatment facility in Florida was recently hacked with the intention of poisoning municipal drinking water. Nuclear facilities have been infiltrated and attacked with the intention of causing large scale destruction. While most of these headline grabbing attacks are either state actors or compromised employees with bad intention, many businesses handling dangerous materials or operating close to the public are at risk.
Industrial Risk Assessments
Industries handling dangerous goods are often experienced with process risk management. Participants of process risk assessments may notice a significant portion of identified hazards originate from potential automated failures. Protection against automated failures are also likely automated since human intervention are often deemed less reliable or too slow. These common "hackable" points of failure require extra scrutiny to ensure automated systems are not compromised by hostile actors.
Steps towards protection
The first step on the road to a successful risk mitigation strategy is to document the current or future infrastructure design. When a philosophy is compared against the design, improvements can be quantified and digested at the management level for funding. Independent consultants can help provide insight on industry best practices and to help benchmark measures taken against industry peers.
Cyber Vulnerability Assessments
Gap assessments can be applied to current infrastructure to plug any holes as a short term solution. Virus protection services are a useful part of a protection strategy as they can head off any vulnerability before the next assessment.
Cyber Risk Assessments
Industry end-users are able to consolidate their well established process risk management activities with cyber risk management activities. By feeding this cyber risk data into internal work processes , synergies emerge. It is easier to manage change to automation infrastructure that has undergone a cyber risk assessment (i.e. CHAZOP).
The need to manage cyber risk is getting the attention of industry risk management standards. IEC 61511-1 notes that cyber security measures are needed to ensure the communications of system instrumented systems are made secure.
With the help of our partners at CyberLucent, we are able to support our clients with tools that provide continuous cyber risk monitoring, with a focus on proactive risk mitigation, enterprise grade advanced threat detection, and protection. Lucid is a secure, risk-managed, network segment that operates within any host network, even a hostile one. Simply plug-in and connect to the included gateway via Ethernet or WiFi, and your private, secure network is up and running in minutes. Work in a corporate-like secure network from anywhere: your home, your small office, at the local coffee shop or in your remotely connect control room. Lucid is Fast, Easy, Portable, Secure and Affordable.
"Better Than a VPN"
Lucid replaces VPNs of old, enables a Zero Trust security model, and creates an isolated network for you or your business, regardless of network location. Lucid uses biometric authentication for secure and seamless access into your private network from almost anywhere.
No login, no software, no license, no configuration, no hassle
Free Tips to Mitigate Cyber Exposure
New to cyber security concepts? Feeling a bit overwhelmed, reach out to your Watchmen contact about where to start.
In the interim, here are things you can do to minimize the risk of attacks:
- Segregate professional and recreational activities.
- Ensure security measures are in place when using screensharing applications. They are a very serious vulnerability, particularly those with remote control capabilities.
- Ensure your software is up to date. Software companies update their software regularly, often to close backdoors in your software. Hacking tools take time to develop and often are used after a patch is available knowing that not everyone has patched their devices. Don't get caught unaware.
- Change passwords regularly. With all the data breaches in the past, a common data point is your username and password. A simple password change can thwart an attack. You can inquire if an email address has been compromised with a free tool here. Passwords are hard to manage and likely get used for multiple sites so they are important to update regularly.
And here are some risky behaviors to avoid:
- Do not work on safety critical infrastructure alongside screensharing activities or kids computer games. Political careers have ended with adoption of Zoom for broadcasting unscrupulous activities.
- Do not conduct banking activities on a cheap, used tablet that is loaded with free apps that may harvest your data.
- Do not use your work computer USB ports to charge other devices as malware can spread.
And some general advise and words of wisdom:
- If you are unsure, stop and think. The government doesn't accept bitcoin, and they likely won't arrest you for trivial matters. This process takes years not minutes. When something is fishy, google is this a scam?
- Contact Watchmen. We have your security in mind, are ethically bound as part of the professional engineering associations we are associated with, and we are here to help. If you're not sure about something, just ask.