Worldwide, cyber threats have become increasingly sophisticated and complex.
As organisations embrace new technologies without fully understanding the implications these may have on the entire enterprise, they are rendering themselves susceptible to an array of cyber-security threats.
A cyber attack on an ‘operational technology’ environment can have serious and far-reaching implications beyond just financial losses.
Some of these consequences include prolonged outages of critical services, loss of revenue, environmental damage, reputational ruin of an organisation and even the loss of human life. An attack may even lead to a loss in a percentage of a country’s GDP if it results in major public disorder. The term ‘operational technology’ (OT) refers to the hardware and software used to control industrial processes.
Yanir Laubshtein, director for global cybersecurity strategy and transformation at PwC, says: “Cyber threats and attacks have advanced exponentially. There is a huge shift from traditional cyber attacks on IT systems to operational technology (OT) systems. Laubshtein is in South Africa on a business visit for the South African launch of PwC’s OT Cybersecurity competency specialising in Industrial Control Systems (ICS) & Operations Technology security.
OT systems have long been used in manufacturing, mining, energy, utilities, oil & gas, transport & logistics, and other industrial operations to monitor and control physical processes. Organisations in the power & utilities and mining sectors are especially reliant on OT networks to control their critical industrial operations and infrastructure
Many of these OT environments make up part of a country’s critical national infrastructure. A number of cyber attacks have taken place on critical OT environments such as water supply controls systems, power & utility plants, transport infrastructure control systems, and petrochemical plants. Typically, cyber attacks are aimed at disrupting supply systems, but there have also been attacks designed to cause permanent damage to OT systems.
A more recent motivating factor for targeting an OT environment is cyber-extortion. Highly skilled and motivated antagonists are actively seeking to exploit the processing power of OT systems for cryptocurrency mining or to ransom the stability of the environment for financial gain.
“While many organisations have recognised the need to increase focus and spending on the security of their corporate IT systems, this has not been matched for OT systems, leading to critical vulnerabilities within their organisations. A cybersecurity programme should encompass both IT and operational technology,” says Kris Budnik, Cyber Lead for PwC Africa.
“Our new competency is established to help our clients detect and prioritise cybersecurity flaws in their OT environments. By understanding the risks these vulnerabilities present, decision-makers will be better placed to implement appropriate security measures and maintain effective cyber resilience for their OT networks,” concludes Budnik.