As the world becomes more digitally connected, the need for strong cybersecurity practices is increasing exponentially. Throughout the past year, organizations across industry verticals made rapid pivots and transformations to lean heavily on technology for their business operating models.
During that somewhat chaotic time, cyber resiliency may have taken a back seat on the list of essential priorities. Now is the time to revisit those new capabilities and put the proper cyber protections in place.
Cybersecurity is not a one-size-fits-all strategy. Depending on your industry, there are several key factors you should consider, and security implementation should be customized to your organization’s needs. These focus areas, in four key markets, can help improve your approach as you shift from cybersecurity to cyber resilience.
Life sciences: A focus on intellectual property
Life sciences organizations are primarily investing in cybersecurity to protect their intellectual property (IP). For pharmaceutical companies, IP includes formulas for medicines and treatments with life-saving capabilities. If those formulas were compromised by a cyber attack, the consequences could be fatal at worst, and financially bad at best.
For example, hackers with full access to the factory floor could manipulate the formulas for the medicines that the factory is producing and create an unsafe concoction for the end consumer. Another scenario could be that the attacker deploys ransomware to the systems on the factory floor, which would take the factory down until the company could effectively remediate the hack.
Remediation typically involves paying the ransom, or performing a full disaster recovery process for the factory.
In a year when healthcare has been even more important to our society than usual, there are still few regulations for cybersecurity compliance within this industry. Performing cybersecurity improvements or upgrades requires companies to stop production lines on pharmaceuticals or medical devices, effectively cutting off their revenue streams, which can deter companies from moving forward with aggressive cybersecurity implementations.
However, there are still ways to bolster their cybersecurity programs. Life sciences organizations need not only to plan for potential future compliance regulations, but also to concentrate on limiting the severity of a potential breach.
Properly segmenting their networks can limit an attacker’s access to critical data and cut off the path that damage could take. Companies should also prioritize improving visibility into the risks associated with other attack vectors, such as insider threats that can lead to IP theft or accidental data leakage.
Automotive: Protect operational tech
Today’s cars, in many cases, are computer systems with wheels. These systems need to be developed securely from the ground up, with secure communication across their connections to infrastructure, and to devices inside and outside the vehicle.
The automotive industry does have regulations with cybersecurity standards that must be met. Compliance doesn’t always equal security, but it’s a good start, and car companies are jostling for position to meet those standards. This is critical, because the automotive industry’s IT departments are getting more connected to their operational technology (OT) counterparts.
OT refers to the hardware and software that monitor or control industrial systems, from smart cities to manufacturing.
The broader the connectivity, the more likely that the attack surface for hackers has exploded, since vehicles are becoming more connected to the Internet and to other vehicles. The larger the attack surface, the greater the risk to the safety of these vehicles.
It’s important for automotive organizations to maintain their business processes and functions while also maximizing operational resilience. By improving the cybersecurity posture of their OT infrastructures, organizations can reduce their converged risk on the connection between OT and IT.
Energy and utilities: Deal with compliance rules
Utility companies were some of the first to start investing in cybersecurity, mainly due to heavy regulations forcing strict compliance. The threat of hefty fines, as high as $1 million per day, per security incident, has led utility organizations to strengthen their cyber defenses by meeting and exceeding standards.
Within the energy sector, oil and gas companies are increasing investments in cybersecurity due to a safety-first culture. Before profits and costs, safety is the absolute top priority, the companies say.
As IT and OT interconnect and create incredible capabilities to improve efficiency and automate tasks, organizations must recognize the security implications. Cyber attacks occur within IT, but if hackers can make their way onto the OT infrastructure, the consequences could create a very unsafe situation for both on-site workers and any civilians nearby.
Energy and utility companies must ensure that their operational technology stays segmented and protected from any threats emerging on the IT network to keep employees and communities safe from a potential crisis.
Media and entertainment: Secure content
During the pandemic, people have formed new habits, and businesses have started to take new approaches to connect with their customers. While out-of-home entertainment is reeling under the effects of lockdowns and social distancing, the global market is expected to observe remarkable growth.
For the media and entertainment industry, the primary cybersecurity focus is securing content—whether it is purchased from a production company or produced in-house. Content is both the IP and revenue stream, so these organizations should prioritize data and cloud security, along with identity and access management, to ensure that only the right people are able to access approved, specified content.
There’s also a focus on partner security, since these organizations work with several third-party companies at a time. Unlike the other industry verticals mentioned above, media and entertainment companies don’t have a significant OT element to their security operations, but breaches within the IT network can still have severe consequences.
Bad actors can exploit through a host of different means, including using offensive and threatening content, pirating goods, and directly engaging with unsuspecting fans and consumers in a way that they previously could not.
Boost your resilience through awareness
The quick decision making of organizations across industries to transform their capabilities and leverage technology has likely kept their businesses not only afloat, but, in many cases, thriving. But these new technology initiatives must come with a strong sense of cyber awareness.
Attack surfaces and access points are ballooning, and connectivity is reaching unfamiliar levels. A breach right now—during an economic downturn—could be devastating to a business. Organizations must recognize their priorities, and focus security based on the industry they are in.
All companies must create a culture of cyber awareness that champions operational resilience. The investment in a strong foundation can prepare businesses for future disruptions while reducing the risk of a potential disaster.