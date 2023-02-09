Just like with digital transformation, the temptation to completely uphaul an entire cyber security network at once might be pre-emptive and ineffective. It’s more useful to drip-feed improvements, beginning with the fundamentals. Pal explained that it’s important to isolate the “quick wins” first, which are quick to deploy and show runs on the board. Committing to a million-dollar project in this space can lead to executives running out of patience, killing it, leaving areas for hackers to exploit.

Pal also emphasised the importance of separating the IT and the OT environments.

“You cannot talk about manufacturing in one set. IT and OT are two different things with different purposes, levels of importance and impact. The threats for both are very different and they need to be treated separately.”

When hiring new people to help businesses sure up their critical infrastructure and data, Pal looks for one main quality.

“Cyber qualifications certainly help, but the key is having that curious mind,” he said. “It’s the desire to constantly look and understand for problems, to me that’s the differentiator.”

Operational technology holds the key

OT is crucial to automating and driving efficiencies within the manufacturing process. Traditionally, OT environments have not been as well secured as IT environments, which is a big mistaken for manufacturing.

Having no security on the factory floor opens the door for ransomware attacks locking up operations, costing far more money than an attack on the IT system.

“The impact of an IT incident in manufacturing is very, very different to say the impact of an IT incident for a company such as RSM, for example,” he said.

“At the end of the day, for manufacturers, remaining operational and getting inventory out the door is all that matters. We take that philosophy into all our manufacturing clients who really appreciate it because they see we are identifying their major pain points, understanding the importance and potential impact on the business and acting accordingly.”

To hackers, OT environments can be seen as a soft underbelly without the cyber security attention their IT cousins have had. OEMs aren’t cyber security experts themselves, so a lot of the vulnerabilities can stem from the equipment itself.

The internet of things is becoming increasingly prevalent in the industrial environment, and with OT and IT environments converging, the Australian Government has recently created a voluntary code of practice for IoT equipment to protect itself from cyber-attacks.