TRENDS & TECHNOLOGY
          Dangerous assumptions in cyber security
Deloitte partner for Cyber Risk Advisory, David Owen, one of the keynote speakers at the upcoming APPMA Business and Industry Conference in Sydney, reveals the growing threat of ransomware incidents and the root causes and issues that supply chain leaders, shareholders and boards need to consider to avoid dangerous assumptions.
The industrial revolution saw the introduction of technology that largely resulted in removing people from the production process to drive efficiency. Smart factories are the next step in that process that will deliver innovative benefits, but also see our dependency on technology rise significantly
Deloitte partner for Cyber Risk Advisory,
David Owen, will be presenting on this topic at
an upcoming APPMA event, reveals the growing threat of ransomware incidents and the root causes and issues that supply chain leaders, shareholders and boards need to consider to avoid dangerous assumptions.
“Many organisations are embracing digitisation, including converging IT with Operational Technology and leveraging cloud and Industrial Internet of Things technologies,” he says.
“The pandemic forced many organisations to quickly enable remote access for their OT personnel, resulting in OT environments being more exposed to increasingly sophisticated cyber threats.
“If there is a ransomware attack causing a catastrophic failure, there are many questions production teams need to consider in advance of an attack, including the immediate safety for workers to remain in the factory or across various sites and how to communicate quickly with internal and external stakeholders.”
He sees resilience as an end-to-end concept and organisations need to invest in understanding their system’s ability to withstand and respond to an attack.
6 JULY-AUGUST 2021 MACHINERY MATTERS
“Boards and management are often told to trust, but it is worthwhile to verify and see plans and testing take place, and make sure they are working effectively. Ask lots of questions and go and ‘kick the tyres’ in the engine room if required,” explains Owen.
“If the discussion is about where to direct investment to help protect against cyber security attacks, at some point you need to compare future transformation or building new factories or updating sites with new technology or doing nothing.”
He says not everything is important, and the parts of the process that are mission critical are the ones that needs to be zoomed in on those steps first.
“Many leaders assume they have ‘back ups’ and that this is an IT issue, but in reality it will be a supply chain issue,” Owen continues.
“We’ve seen situations where an attack
has also affected
all downstream customers... Who would be affected if you were attacked?”
“We’ve seen situations where an attack has also affected all downstream customers. When TOLL went off the air, lot of businesses who relied on them were affected. Who would be affected if you were attacked?”
One of the key areas of focus is detection as the data shows that it takes 201 days on average to identify a cyber breach, giving attackers on average more than six months to prepare and launch their ransomware attack.
It can take less than 35 minutes to ransom an entire network for a large distributed global organisation and 50 per cent of ransomware attacks leverage the supply chain.
There is often a ‘dwell time’ between the initial compromise of a network and when the attack strikes. “The initial entry point might be a phishing email, that persuades the user to login to a third party site,
providing password and username allowing malware to be loaded onto your desktop,” Owen says.
“Gateways with secure remote access which allow external parties such as overseas based equipment vendors, who connect to access and monitor your equipment can also be a point of entry.
“Another growing issue is cyber insurance where many insurers are retreating from this space and will no longer fund ransom payments.” ■
APPMA is committed to providing the packaging and processing sector with informative content on topical issues. Find out more at www.appma.com.au