Deloitte’s head of Cyber Risk David Owen shared some sobering data in our second session to help make the case of vigilance aiding resilience as ransomware attacks have reached unprecedented levels in 2021 across all industry sectors.
Timeline of an attack
The average period from the initial compromise is approximately 80 days.
- Day 1: initial access – find a way into the system
- Day 1 – 35: Consolidation. They are finding ways to access all systems and devices. Compromise is not identified until now which has allowed time for multiple systems to be accessed.
- Day 35: Ransom note appears. Impact on Target
Challenges that impact recovery include:
- Email communications and lack of access/controls
- Key resources saturation
- Back up/restoration fails
- Systems closed or turned off resulting in loss of evidence and
- Lack of system documentation – old, out of date or not available
While new systems, technologies and Industry 4.0 continue to provide productivity efficiencies, quality improvements and environmental benefits they also expand the cyber risks which need to be catered for in the risk assessment plans.
David recommends being able to identify and prioritise the systems and or items that if compromised stop production, for example, plant and consumption and energy management, factory asset intelligence and factory synchronisation. He advises that any risk management plans need to cater for a total system compromise vs a plant by plant only approach.
The panel for our Cyber Security session featured the Information Security Director from Australian food and beverage giant Lion, Jamie Rossato, Mark Dingley CEO of Matthews Australasia, and Rosanne Jessop, Managing Director of Pilz Industrial Automation whose German headquarters were hit by ransomware attack in 2019.
Their collective takeaways included:
- Identification of all points of connectivity is important
- Team education and reinforcement must be maintained on an ongoing basis
- Establish restoration priorities vs restoring everything in standard sequence
- Restoration involves external expertise to work with internal teams and
- Multi factor authentication is becoming a key component to assist in protection.
Businesses are only as strong as their weakest link. Need to identify and ‘block the holes’ and invest in regular review and restoration testing as the cost will be far cheaper if the business is ever impacted by ransomware.