For years, cybersecurity leaders have been fighting against the perception that cybersecurity is merely a cost center, especially in the context of Cyber-Physical Systems Security. With the increasing frequency of government advisories and stricter regulations, this perception has slowly started to shift. However, the recent rise in cyber-attacks on Cyber-Physical Systems has made it more urgent than ever to eliminate this barrier and prioritize cybersecurity investments as a strategic advantage.
Cyber-Physical Systems Security as a Business Enabler
The Cost of a Data Breach
Calculating ROI for Cyber-Security System
Security Capabilities to Maximize ROI
Choosing The Right Vendor
Successful industrial, healthcare, and commercial organizations have begun to unlock the value of digital transformation and cyber-physical system (CPS) convergence. Connecting operational technology (OT) environments to IT networks, out to the Internet, and to a range of Extended Internet of Things (XIoT) devices leads to greater automation, control, efficiency, and convenience. For those who are able to truly excel at it, digital transformation can be a differentiating advantage. But that advantage can quickly evaporate, and organizations can find themselves on shaky ground when threat actors take advantage of new attack vectors that emerge because of increased cyber-physical systems connectivity.
The unavoidable truth is that the more important cyber-physical interconnectivity is to your business, the more essential cyber-physical systems security is as a business enabler. So, cyber-physical systems security must move forward in lockstep with digital transformation initiatives as the costs of not doing so are far too high.
According to IBM's Cost of a Data Breach Report, the average cost of a breach for critical infrastructure organizations was $4.82 million ($1 million more than for organizations in other industries), with healthcare incurring the highest average cost at $10.10 million. Where remote work was a factor, average costs increased by nearly $1 million. For the past seven years, lengthy dwell time also contributed to rising costs, with the average time to identify and contain a breach at 277 days. That’s plenty of time for a minor incident to escalate into a major breach.
Depending on the amount of downtime incurred, the costs of a breach can soar even higher. For example, the average automotive manufacturer loses $22,000 per minute when the production line stops. 45% of respondents to Claroty’s Global State of Industrial Cybersecurity report say the operational impact of a downtime event would cost their organization $500,000 or more in revenue per hour, with 23% saying $1 million or more. In the healthcare sector alone, a massive cyberattack that led to major disruption in patient care for weeks cost Scripps Health $133 million and Tenet Healthcare $100 million after a month-long outage.
Alarmingly, the impact of attacks against critical infrastructure such as hospitals, oil pipelines, water utilities, and food and beverage companies is not only financial. Breaches that take advantage of cyber-physical systems and underlying connected assets can have much more dire consequences. These attacks threaten the physical world we live in and the systems we depend on, putting lives and livelihoods at risk.
The bottom line: The cost for critical infrastructure organizations of doing nothing is not tolerable. The longer an organization goes without the right cyber-physical systems security capabilities in place, the more likely they are to experience a major breach.
Reducing the annual loss expected from a cyberattack is the primary way investments in cybersecurity will pay back a business. The following risk-reduction ROI formula, a variation on CISSP®-ISSMP®’s ROI formula, divides annual loss expectancy by the cost of countermeasures and is useful for measuring the return on investment (ROI) from one or more cybersecurity controls.
If you assume one occurrence per year and use data from the Cost of a Data Breach report, you can perform a straightforward exercise to justify investments that reduce risk. If your organization’s risk threshold is high and you decide to spread the risk of such an attack out over two to three years, and recognize that costs continue to rise, you can still build a compelling case for investments in cyber-physical systems security tools, training, outsourced services, and hiring additional security talent.
Alternatively, you can extrapolate from your organization’s historical data on incidents to determine the occurrences and costs. The danger there is that past performance does not guarantee future results, which is most recently highlighted by the unanticipated global pandemic and the rapid adoption of borderless work. The explosive growth in the interconnectivity of cyber-physical systems, coupled with the rapidly evolving geopolitical landscape and opportunistic criminals, makes for a dangerous situation. For this reason, widely recognized, current, third-party surveys can provide a more reliable and accurate picture of risk.
In addition to a reduction in business risk, there are other benefits to factor in when going to executive leadership and the board for additional security budget.
Compliance: Investments in certain tools can help organizations comply with regulations and avoid fines, loss of clients, lawsuits, and other legal actions.
Operational Resilience: In industrial and healthcare environments, operational resilience is crucial because revenue is generated and customers’ lives are improved when OT networks are up and running. Even a partial disruption due to lack of visibility into what is happening on the network can reduce productivity and revenue.
Digital Transformation: As organizations continue to look to digital transformation initiatives to drive business value, the right proactive security measures can ensure those initiatives are backed by a strong security posture so organizations can reap their full value.
At Claroty, we understand the complex and evolving threat landscape that critical infrastructure organizations operate in. Organizations struggle to detect, manage, and secure assets in XIoT environments, particularly in our expanding universe of cyber-physical systems and connected equipment and devices. At the same time, sophisticated attacks on cyber-physical systems require extensive preparation by adversaries and usually take a significant amount of time to carry out, with lots of lateral movement. We believe the biggest advantage defenders can have is to know their networks better than the adversary, so we have designed our suite of products to deliver that advantage and maximize ROI.
The Claroty Platform is an agentless solution that provides asset visibility to identify vulnerabilities and suspicious behavior across cyber-physical systems and underlying, connected devices. Understanding your risk posture is an excellent first step to prepare proactively and focus on addressing likely paths of attack.
Visibility provides the foundation for continuous threat detection and curated, context-rich alerts to get to the bottom of anomalous activity quickly. With granular details of all assets, processes, and connectivity paths in your network, as well as definitive insight into what normal looks like, you can respond rapidly and confidently when alerts are triggered. Early intervention can eliminate or minimize the impact of an attack.
Attack vector mapping identifies the most at-risk assets and zones in your network and simulates the various means through which an attacker could penetrate that network, with a focus on lateral-movement scenarios so you can proactively remediate risk. Additionally, virtual XIoT segmentation controls monitor the network using policy-defined groups of assets that communicate with one another under normal circumstances, and alert you to unauthorized lateral movement so you can reduce dwell time. You can also track variables like firmware and software versions of assets to inform and accelerate risk and vulnerability management for cyber-physical systems and underlying assets.
Remote work is here to stay, so the need to safeguard XIoT from threats introduced via unmanaged and unmonitored access by remote users is a “must have.” Claroty xDome Secure Access empowers administrators to control access based on roles and policies, centrally manage user credentials, gain visibility into all remote connections and activities, and terminate sessions or view recordings in retrospect for forensic purposes if needed.
We believe the best cyber-defense strategy is establishing a holistic approach. By unifying cyber-physical systems security with existing IT security capabilities, security teams can successfully mitigate risk. A unified approach to governance offers significant performance advantages and maximizes ROI by allowing organizations to leverage their existing resources and personnel wherever applicable.
In a world where critical assets straddle the cyber and physical worlds, it is paramount that organizations prioritize human safety and operational resilience. The longer an organization waits to implement the right strategies and solutions to ensure safety and security, the more likely they are to experience a crippling breach. With a vendor like Claroty, critical infrastructure organizations can understand their XIoT environment better than any adversary, and can establish a strong, purpose-built CPS security strategy that diminishes downtime and maximizes ROI.