The Truth About Cybersecurity - 3



and even cost human lives. The Stuxnet attack
of 2010, the attacks on the Ukrainian power grid
in 2016 and the 2017 WannaCry outbreak are
just a few recent events that highlight the urgent
need for industrial organizations to fully understand and apply cybersecurity best practices.
It's time to rethink how you protect and secure
your operations in the Industrial Digital Age.


Cybersecurity defenses strive to thwart
attacks that target and harm operations, assets and individuals. A strong cybersecurity
strategy is increasingly important due to:
ƒƒThe pervasiveness of connectivity across
the plant and its operations, which widens the attack surface.
ƒƒAging critical infrastructure.
ƒƒAging control and safety system technologies.
ƒƒThe proliferation of cybercriminals and
their access to ever-growing tools and
ƒƒAn increase in nation-state and
state-sponsored cyberterrorism.
While Internet and cloud applications are
adding great value to businesses, they also
bring new challenges. A recent McKinsey
report shows that more than 100 billion lines of
code are created annually. Every year, hackers
produce some 120 million new variants of
malware. It's becoming hard to keep up, but
what are our options? Taking advantage of the
business value of the IIoT requires connectivity; and with increased connectivity comes
increased threat. With more portals into your
operations technology (OT) layer, the potential
risks of cyberattack are expanding and so is
their need to be proactively managed.
If your operations are like most manufacturing and process companies, some of the
technology you are using to control and protect
your assets, operations and processes was
designed and installed long before cybersecuri-


ty was as critical as it is now. Many distributed
control and safety instrumented systems-the
heart of your OT-were installed decades ago.
They were never built to withstand modern
Conversely, today's cyberattackers-and
there are more of them each day-leverage
the most advanced technologies and sophisticated tools. Cybercrime is ever evolving, with
cybercriminals constantly developing advanced
technology and skills to compromise your
For industrial operations, attacks on the OT
layer are unlike traditional cyberattacks. OT-focused cybercriminals are not looking for data to
ransom or sell. They seek to disrupt, even cripple, your operations. They want to manipulate
your plant. They want to create a catastrophe.
In many cases, industrial cyberattackers are not
seeking to embarrass your company, make a
name for themselves or even conduct industrial
espionage. They want to shut you down-at
substantial risk to life and environment.
State-sponsored cyberactivity and
cyberwarfare are increasingly prevalent. Five
years ago, cybersecurity meant guarding
against a hacker who wanted to shut down an
employer's workspace because he got fired.
Maybe an attacker wanted to steal your data to
sell it. Today, state-sponsored actors and terrorists, who have unlimited time and resources, are
causing chaos and harm. And they are targeting
your industrial operation.
The good news is, with a strong cybersecurity strategy that encompasses people,
processes and technology, you can safeguard
your operations and stop would-be attackers in
their tracks.


People are your first line of defense. If you
don't have a cybersecurity-awareness program, now is the time to train your employees about cyber-risk and the techniques to
mitigate it. Make sure everyone understands


Cost of
$9.5 million = Average
annual loss from cybercrime
per company worldwide in

$150 million = Average cost
of a data breach in 2020.

69% of organizations have
experienced attempted or
successful data theft or
corruption by corporate
insiders during the last 12

90% = success rate of
attackers sending as few as
10 phishing emails.

$1 billion = Estimated
total cost of damages from
ransomware attacks using
cryptographic file-locking
software in 2016.
$2 trillion = Cost of
cybercrime to businesses by
Noteworthy Cybersecurity
Statistics, CyberArk


Table of Contents for the Digital Edition of The Truth About Cybersecurity

The Truth About Cybersecurity - 1
The Truth About Cybersecurity - 2
The Truth About Cybersecurity - 3
The Truth About Cybersecurity - 4
The Truth About Cybersecurity - 5
The Truth About Cybersecurity - 6