Bringing Clarity with Quantification

Published by Axio

A recent article published in TechRepublic references a research report by Fortinet. The report found that nearly 65% of organizations experienced at least 3 OT system intrusions in 2019. As operational technology continues to advance, it becomes a growing target for threat actors.

It’s essential that organizations protect themselves from these potential cyber incidents. TechRepublic put together a concise and effective list of best practices to keep OT systems safe. These best practices include tracking and reporting vulnerabilities, making OT security a responsibility of not only OT leaders but also the CISO or CSO, and providing compliance reporting for executives. But there’s a missing link we’d like to emphasize.

Facilitating Prioritization and Exposure with Cyber Risk Quantification

One best practice we would add to the list is for organizations to quantify their risks efficiently to inform their investment decisions. According to another TechRepublic article, “In the OT environment, there are more high-impact, low-frequency attacks, while the traditional security mindset is high-frequency, low-impact.” These events can be catastrophic to a company and its stakeholders. It’s important to consider the impact of an event in order to determine which controls or insurance policies to invest in to protect the OT system.

Quantification allows security leaders to frame potential cyber threats in business terms so that they can effectively communicate with executive leadership. When security leaders are able to speak in dollars and cents to executives, they can show the significant impact of cyber threats. Additionally, based on impact, leaders can begin to prioritize and protect in order to limit susceptibility.

According to Scott Aaronson from Edison Electric Institute, once you have a pyramid of your priorities, “[You] can solve for the most critical stuff… the more we can do to address high priority threats, we are already making progress to be more secure, and that momentum is only going to help us as we go further down the chain.”

Extensive Impact of Supply Chain OT Threats

OT also often plays a big role in the supply chain, and with globalization, supply chains are connected all over the world. Kevin O’Marah, a former manufacturing and supply chain contributor to Forbes, was quoted in National Defense Magazine as saying, “The new world of supply chain risk means preparation for widespread, systemic disruption in our immediate future.”

As OT threats are on the rise, it’s important for executive leadership and cyber and risk managers to implement these best practices and keep them in mind. Cyber events are inevitable, but your company can use quantification and assessment to decrease your susceptibility to catastrophic events. For more information about making the most of your cybersecurity investment with quantification, you can download our white paper.

 
