As the world becomes more digitally connected, the need for strong cybersecurity practices is increasing exponentially. Over the past year, organizations across industry verticals made rapid pivots and transformations to lean heavily on technology for their business operating models.
During that somewhat chaotic time, cyber resiliency may have taken a back seat on the list of essential priorities. Now is the time to revisit those new capabilities and put the proper cyber protections in place.
Cybersecurity is not a one-size-fits-all strategy. Depending on your industry, there are several key factors to consider, and you should customize your security implementation to your organization's needs. These focus areas, in four key industry verticals, can help improve your approach as you shift from cybersecurity to cyber resilience.
Life sciences: A focus on intellectual property
Life sciences organizations are primarily investing in cybersecurity to protect their intellectual property (IP). For pharmaceutical companies, IP includes formulas for medicines and treatments with life-saving capabilities. If those formulas were compromised by a cyber attack, the consequences could be fatal at worst, and financially bad at best.
For example, hackers with full access to the factory floor could manipulate the formulas for medicines in production, creating an unsafe concoction for the consumer. Or an attacker might deploy ransomware to the systems on the factory floor, taking the factory down until the company could effectively remediate the hack by either paying the ransom, or going through a full disaster recovery process.
In a year when healthcare has been even more important to society than usual, there are still few regulations for cybersecurity compliance within this industry. Performing cybersecurity improvements or upgrades requires companies to stop production lines on pharmaceuticals or medical devices, effectively cutting off their revenue streams, which can deter companies from moving forward with aggressive cybersecurity implementations.
However, there are still ways to bolster their cybersecurity programs. Life sciences organizations need not only to plan for potential future compliance regulations, but concentrate on limiting the severity of a potential breach.
Properly segmenting networks can limit an attacker's access to critical data and cut off the path that damage could take. Companies should also prioritize improving visibility into the risks associated with other attack vectors, such as insider threats that can lead to IP theft or accidental data leakage.
Automotive: Protect operational tech
Today's cars, in many cases, are computer systems with wheels. These systems need to be developed securely from the ground up, with secure communication across their connections to infrastructure, and to devices inside and outside the vehicle.
The automotive industry has regulations with cybersecurity standards that manufacturers must meet. Compliance doesn't always equal security, but it's a good start, and the car companies are jostling for position to meet those standards. This is critical, because the industry's IT departments are getting more connected to operational technology (OT) — the hardware and software that monitor or control industrial systems, from smart cities to manufacturing.
The broader the connectivity, the more likely that the attack surface for hackers has broadened, since vehicles are becoming more connected to the Internet and to other vehicles. The larger the attack surface, the greater the risk to the safety of these vehicles.
It's important for automotive organizations to maintain their business processes and functions while also maximizing operational resilience. By improving the cybersecurity posture of their OT infrastructures, organizations can reduce their converged risk on the connection between OT and IT.
Energy and utilities: Deal with compliance rules
Utilities were some of the first companies to invest in cybersecurity, mainly due to heavy regulations that enforced strict compliance. The threat of hefty fines, as high as $1 million per day per security incident, has led these organizations to strengthen their cyber defenses by meeting and exceeding those standards.
Within the energy sector, oil and gas companies are increasing investments in cybersecurity due to a safety-first culture. Before profits and costs, safety is the absolute top priority, the companies say.
As IT and OT interconnect and create incredible capabilities to improve efficiency and automate tasks, organizations must recognize the security implications.
Cyber attacks occur within IT, but if hackers can make their way onto the OT infrastructure, the consequences could create a very unsafe situation for both on-site workers and any civilians nearby.
Energy and utility companies must ensure that their operational technology stays segmented and protected from any threats emerging on the IT network to keep employees and communities safe from a potential crisis.
Media and entertainment: Secure content
During the pandemic, people have formed new habits, and businesses have started to take new approaches to connect with their customers. While out-of-home entertainment is reeling under the effects of lockdowns and social distancing, the global market is expected to see remarkable growth.
For the media and entertainment industry, the primary cybersecurity focus is securing content—whether it is purchased from a production company or produced in-house. Content is both the IP and revenue stream, so these organizations should prioritize data and cloud security, along with identity and access management, to ensure that only the right people are able to access approved, specified content.
There's also a focus on partner security, since these organizations work with several third-party companies at a time. Unlike the industry verticals mentioned above, media and entertainment companies don't have a significant OT element to their security operations, but breaches within the IT network can still have severe consequences.
Bad actors can exploit through a host of different means, including using offensive and threatening content, pirating goods, and directly engaging with unsuspecting fans and consumers in a way that they previously could not.
Boost your resilience through awareness
The quick decision making by organizations across industries to transform their capabilities and leverage technology has in many cases helped keep their businesses not only afloat, but thriving. However, these new technology initiatives must come with a strong sense of cyber awareness.
Attack surfaces and access points are ballooning, and connectivity is reaching unfamiliar levels. A breach right now—during an economic downturn—could be devastating to a business. Organizations must recognize their priorities, and focus security based on the industry they are in.
All companies must create a culture of cyber awareness that champions operational resilience. The investment in a strong foundation can prepare businesses for future disruptions while reducing the risk of a potential disaster.
