Riding the current digital wave, many companies are changing their operating processes and moving to a more digitalised environment. Along with this transition, comes a host of new cyber threats. Digital transformation and hyper-convergence also create unintentional gates for risks, vulnerabilities, and attacks.

Additionally, the COVID-19 pandemic has exposed businesses to cyber-attacks and data breaches and malicious cyber actors who exploit working models in the new normal, where many businesses operate remotely.

Companies may be unaware of and are not prepared for these events with a suitable plan in place.

Security, along with wealth and sustainability is one of the three key aspects of the Thailand 4.0 Plan. It strongly encourages businesses to alter their cyber safety strategies to implement more protective measures. Nonetheless, the Thai government remains deeply committed to cyber resilience and works closely with businesses to ensure they deploy rigorous measures.

With first-hand experience and lessons from others, organisations are becoming increasingly aware of their vulnerability to cyber-attacks that could paralyse the company or destroy IT systems permanently.

Business continuity plans could use a cyber-resilience strategy that can help to cope with disruptive cyber incidents. Typically, the plans include means to protect critical applications and data against such risks and to recover from infringement or malfunction in a controlled and measurable way.

To withstand and thrive during these numerous threats, firms have recognised that they need to do more than build a reliable infrastructure for growth and data protection. Now businesses develop holistic continuity plans that can maintain their business operations, protect data, protect the brand, retain customers – and ultimately help to lower total operating costs over the long run.

The implementation of a business continuity plan will then reduce downtime and improve business continuity, IT crisis recovery, corporate crisis management capacity, and regulatory compliance in a sustainable way.

This was the focal point of the OpenGovLive! Virtual Breakfast Insight on 2 September 2021 – a closed-door, invitation-only, interactive session with digital executives from Thailand’s top enterprise organisations. Resonating the objective of imparting the current advancements in Cyber Security which will benefit business operations in the long run.

Have the right partners for the right protection

To kickstart the session, Mohit Sagar, Group Managing Director and Editor-in-Chief, OpenGov Asia delivered the opening address.

He acknowledged that there have been numerous events involving ransomware and other cyber-attacks over the last eighteen months. Businesses have been targeted from all directions and from every angle.

How much of a business’ legacy systems have been retained as people shift – or want to shift – to hybrid models. As every organisation, agency and institution makes digital transitions, doors are being opened that create vulnerabilities without even realising it.

The question we have to ask in all this, said Mohit, is what the root causes are and how do we overcome them. At some point, he opined, a business will become a target of an adverse cyber event. It is up to the business to prepare themselves, maintain awareness and ensure business continuity plans are in place.

Businesses must continuously ask how they plan to protect themselves for the long term. For that, he firmly believes, it is important to have the right partner to assist with cyber security – the most critical aspect of business continuity.

Furthermore, having competent partners who can focus on data protection, data recovery and compliance against a wide range of cyber threats enables businesses to concentrate on their primary tasks and key deliverables.

Cyber resiliency in a VUCA environment

The next speaker, Vijay Iyer, Regional Vice President – Solutions Engineering, Claroty shared his perspective on the variety of cyber-attacks against the industry, the increasing frequency, and severity.

The most notable threat in recent times has been ransomware attacks. Although they have been around for years, they have resurfaced with renewed ferocity. In the ransomware attack on the Colonial Pipeline attack, cybercriminals seized business data from the company’s networks and held it hostage until the company paid a $5 million ransom.

Although the pipeline was only shut down for a few days, it took several days to reopen. The effects of temporarily shutting down one of the largest pipelines in the United States, which supplies the East Coast with roughly 100 million gallons of fuel per day, rippled across the economy, causing gas prices to spike to a six-year high.

According to Vijay, there is an active threat landscape with a wide range and scope of where and how assaults occur. While most organisations are undergoing necessary digital transformation – undoubtedly beneficial to the business, country and citizens – it creates greater cyber risks.

Companies that run facilities with old and new systems should be classified as brownfield.  The concept commonly used in the industry describes problem areas that require the development and deployment of new software systems while legacy applications and systems are still functioning Brownfield Operational Technology poses a significant risk because these legacy components were not designed to be secure. This has been Claroty’s primary focus area to date, based on market demand.

Another reason for susceptibilities comes from evolving critical infrastructure. In most organisations, there are several infrastructures areas where companies need to deploy newer generations of components. Industrial IoT systems are being infused into older OT environments and, in some cases, replacing or complementing the existing infrastructure.

Businesses need to address the cybersecurity need for critical infrastructure. Industrial and commercial OT and industrial IoT are getting inseparable as they have combined security needs. This leads to an increased threat surface from cyber-attacks on both sides of the supply chain stated Vijay.

As a result of the pandemic, most organisations have shifted to hybrid or hybrid access which has resulted in significant exposure to critical infrastructure. In addressing this, clients face issues such as complex firewall configurations, slow emergency response time, too many perforations, purdue violations etc.

There are four pillars on how companies should build visibility, continuity and resiliency in industrial operations – Reveal, Protect, Detect and Connect.

Visibility, which is the most essential part for the company, includes asset visibility, network visibility and process visibility. According to Vijay, companies must understand not only the details of their assets but also how they are placed in the environment. When businesses have this granular understanding, they will be in a much better position to detect deviations and anomalies from that novel operating condition.

In the end, organisations must bring their findings and correct issues by filling the gaps and connecting them to the existing technology stack that the company has invested in. This will extend their business ROI and other technology applications that have been invested in the IT and OT areas.

Bowtie: robust cybersecurity strategy for the new normal

Digitalisation and IoT have upended the most basic assumptions about operational security, said the next speaker, Mathieu Lahierre, Principal, Application & Data Security – Cybersecurity, Technology Risk & Compliance, BHP.

Today’s industrial facilities, including mine sites, mineral processing plants and remote operation centres, are unquestionably the most vulnerable to cyber-attacks. Their operational systems can be compromised by internal and external bad actors, resulting in safety and production failures.

Today, an approach that brings together IT and engineering is required to address cyber security programmatically while also being sustainable. Businesses must be aware of the types of cyber risks they face in the primary sector, as well as the consequences of those risks. The main reason, he feels, it is difficult to secure Industrial Control Systems (ICS) is that it was not designed to be connected in the way that networks are today.

Mathieu introduced the cyber risk bowtie analysis that offers a powerful tool to effectively visualise complex IT risks. The bowtie diagram also provides a useful structure for implementing control measures and preventing incidents. The importance of an IT process for business becomes clear through this clear risk visualisation, which is easy to understand not only by IT personnel but also by all people within the organisation.

In short, using bowtie models for cybersecurity allows leaders to show employees why the IT department insists on controls that have been accused of being tedious and obstructive. They understand that greater compliance is an immediate benefit and avoiding cyber events will help the company retain control of its intellectual property, assets, market share, revenue and reputation.

Mathieu concluded that it is critical to clearly define the roles and responsibilities of every department involved, from the manager to third parties, with a single line of accountability. In his opinion, the mining industry, where traditional boundaries between corporate IT and ICS did not exist, is now autonomous, with the digitalisation of mining sectors in operation.

He stressed that businesses could begin by assisting the maturity of cyber security controls and going beyond traditional operational safety considerations by implementing a secure vision and resilience programme. BHP’s vision is to achieve operational experience by taking advantage of productivity benefits offered by the digitalised and fully integrated ICS setup within its version.

Interactive Discussion

After the informative presentations, delegates participated in interactive discussions facilitated by polling questions. This activity is designed to provide live-audience interaction, promote engagement, hear real-life experiences, and impart professional learning and development for participants.

The first poll asked about the concerns delegates have when considering the current cyber security landscape.  Over half the delegates (54%) went with the Increasing incidence of ransomware, supply chain attacks and vulnerabilities. About a third (29%) said their concern was that legacy systems and lack asset visibility, lack of awareness of what to protect and how. A tenth indicated adversaries targeting OT systems to inflict cyber-physical attacks and 7% opted for increasing remote work arrangements due to COVID-19.

Delegated were asked what they rely on to check and guide the cyber security posture of their organisation. About two-thirds (67%) went with industry compliance-based controls e.g., ISO, NIST, IEC62443. About 15% said that regulatory codes of practice or guidelines passed by a regulatory authority was their go-to while 11% opted for threat-based Risk modelling e.g., Mitre ATT&CK, Lockheed Martin Kill Chain. About 7% chose supply-chain risk management e.g., accreditation schemes to rely on.

Asked about their top key value driver would be to address or fix cybersecurity gaps within their organisation, over half (54%) chose understanding risk with actionable response and remediation. About a third (32%) opted for detecting Threats and Vulnerabilities. The remaining delegates were equally divided (7% each) between securing how Remote Access is done and achieving complete visibility and segmented environments.

Surveyed on what the key adoption challenge within their organisation would be, about one third (36%) answered legacy systems and proprietary protocols in OT. Just over a quarter (27%) felt bridging the IT-OT divide, extending SOC technology and resources to embrace OT would be an issue. Another 27% felt that priorities in OT systems, safety and availability and hesitancy to adopt IT solutions (Cloud, MFA, key management) were considerations. A tenth went with integrating new technology in brownfield infrastructure.

The fifth question asked how they would describe the current state of their cyber security technology stack. Well over a third (39%) say that they have gaps in cyber security trained people and cybersecurity-related processes and professional services. Over a quarter (26%) are looking to better understand what they need and why they need some of the technologies they do not have. Another 26% said while they have a technology stack addressing IT parts of the enterprise, they have specialised technology for OT needs. Just under a tenth (9%) confirmed that they have all the technologies they need to achieve cyber security resiliency and desired posture.

Delegates were finally asked how they would best describe their current state of cyber security operations. To this 54% answered they have a Security Operations Centre that is already catering to IT but need to extend controls to OT. A fifth (21%) stated that they do not plan to have a Security Operations Centre and cyber team and another 21% said they do not have a Security Operations Centre yet but have gone through an assessment and have a defined program. About 4% are in the process of building a Security Operations Centre.

Conclusion

Companies are now developing holistic business continuity plans that can keep your business up and running, protect data, safeguard the brand, retain customers – and ultimately help reduce total operating costs over the long term. Having a business continuity plan in place can minimise downtime and achieve sustainable improvements in business continuity, IT disaster recovery, corporate crisis management capabilities, and regulatory compliance.

In closing, Vijay thanked the delegates for the interesting and insightful session. He gained and learned a lot in terms of how the delegates presented their perspectives on cybersecurity. He invited delegates to reach out to his team and him to explore ways they could assist their organisations on their cyber resilience journey.