Cyber threats are growing increasingly complex and sophisticated across the globe. As businesses embrace new technologies without fully understanding the implications these may have on the organisation, they are leaving themselves vulnerable to a variety of cybersecurity threats.
Cyber attacks on operational technology (OT) environments can have serious and far-reaching consequences that go beyond financial losses, including prolonged outages of critical services, loss of revenue, environmental damage, reputational ruin of an organisation, and even the loss of human life. An attack has the potential to affect a country's GDP, if it results in major public disorder.
Yanir Laubshtein, director for Global Cybersecurity Strategy and Transformation at PwC, says cyber threats and attacks have advanced exponentially, and PwC is seeing a shift from traditional cyber-attacks on IT systems to attacks on OT systems. With this in mind, and to help the industry combat attacks against OT environments, PwC has introduced an OT Cybersecurity competency, which specialises in industrial control systems and OT security.
Laubshtein says OT systems are used in industrial operations to monitor and control physical processes, including manufacturing, mining, energy, utilities, oil and gas, transport, and logistics. Businesses in the power and utilities and mining sectors are particularly reliant on OT networks to control their critical industrial operations and infrastructure.
Critical national infrastructure
A country's critical national infrastructure comprises many such OT environments and, to date, there have been a number of cyber-attacks on critical OT environments.
"Typically, cyber-attacks are aimed at disrupting supply systems, but there have also been attacks designed to cause permanent damage to OT systems," Laubshtein says.
However, cyber extortion has also emerged as a motivating factor behind attacks on OT environments. In addition, skilled and motivated attackers are looking to exploit the processing power of OT systems for cryptocurrency mining or to ransom the stability of the environment for financial gain.
"While many organisations have recognised the need to increase focus and spending on the security of their corporate IT systems, this has not been matched for OT systems, leading to critical vulnerabilities within their organisations. A cybersecurity programme should encompass both IT and operational technology," says Kris Budnik, cyber lead for PwC Africa.
According to Budnik, PwC's new competency was established to help its clients detect and prioritise cybersecurity flaws in their OT environments. "By understanding the risks these vulnerabilities present, decision-makers will be better placed to implement appropriate security measures and maintain effective cyber resilience for their OT networks."
Share