Cybersecurity Awareness Month 2024
Elizabeth Ruiz, Editor, Maintenance World
Posted 10/16/2024
Created in 2003 by the US Department of Homeland Security along with the National Cyber Security Alliance, Cybersecurity Awareness Month aims to ensure that every individual stays safe and secure online and to generate discussion on cyber threats. (1) (2)
2024 presents new challenges to the cybersecurity landscape. Security teams are having to achieve more with fewer resources due to the widening gap between escalating threats and tight budgets. (3)
Key findings from NTT Data’s Global Threat Intelligence Report show that the biggest threats this year are:
- New advances in ransomware and malware tactics
- Need for vulnerability intelligence
- Rapid adoption of exploit code for severe vulnerabilities – particularly with generative AI
Another finding from the report shows that the manufacturing sector has surpassed the technology sector as the most targeted sector, with a continued focus on disrupting supply chain critical infrastructure. (3)
Cybersecurity Tips for Reliability and Maintenance
With the manufacturing sector being the most targeted, cybersecurity is more important than ever in our asset management and reliability and maintenance practices. Industrial Defender has created an essential list of tips for maintenance supervisors and technicians to keep in mind while working with operational technology:
Maintain Comprehensive Asset Inventories
Know about every piece of hardware and software, and every system, interacting with your network. Accounting for everything helps avoid hidden risks so that nothing goes unnoticed. This is your first line of defense. Know every detail of your systems.
Strong Monitoring Configurations
Asset inventories should be more than just a list of devices. Make sure to include details such as software versions, configurations, open ports and services, and known vulnerabilities. High-level tracking makes it possible to spot sophisticated threats that may have gotten through the initial defenses. Good monitoring configurations and services allow you to find issues even if everything seems fine.
Passwords and Multi-factor Authentication
A general (but easy to forget) cybersecurity rule from CISA is to have strong passwords and use multi-factor authentication (MFA). It is vital to ensure that Human-Machine Interfaces (HMIs) and workstations are meeting password policies and enabling MFA. Check these configuration elements regularly and correct them if they are not in compliance to prevent unauthorized access.
Manage Software Versions
Another tip from CISA – keep software updated. Avoid rushing updates or making changes that can disrupt the system. Using your asset inventory and monitoring software versions will help you make informed decisions about when and how to apply updates safely with minimal risk.
Automate Monitoring
Automation is key for staying ahead of threats without overwhelming your team. Automation ensures that you have up-to-date info on your systems. Integrating various data collection methods increases safety, reduces human error, and frees up time to focus on other security tasks.
Be Aware of Change
Significant changes in the OT environment are a red flag. Set up alerts for deviations and monitor for changes in real time. This helps you catch potential threats early and respond quickly to protect your systems from being exploited.
Good Reporting
Monitoring is only valuable if you can understand and act on the data. Make sure reporting systems are clear and accessible. (4)
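The tips above on detailed inventories, MFA compliance checks and alerting on change can be combined into a single comparison of the current inventory against a known-good baseline. The following is an added example, not code from Industrial Defender, CISA or Maintenance World; the asset names, inventory fields and the MFA policy scope are constructed assumptions.

```python
# Added example: baseline-vs-current drift check for an OT asset inventory.
# All asset names, fields and values below are constructed for illustration.

BASELINE = {
    "hmi-01": {"type": "hmi", "sw_version": "4.2.1", "open_ports": [443, 502], "mfa_enabled": True},
    "plc-07": {"type": "plc", "sw_version": "2.8.0", "open_ports": [502], "mfa_enabled": False},
    "eng-ws-02": {"type": "workstation", "sw_version": "10.0.3", "open_ports": [3389], "mfa_enabled": True},
}
CURRENT = {
    "hmi-01": {"type": "hmi", "sw_version": "4.2.1", "open_ports": [23, 443, 502], "mfa_enabled": False},
    "plc-07": {"type": "plc", "sw_version": "2.9.0", "open_ports": [502], "mfa_enabled": False},
    "laptop-x": {"type": "workstation", "sw_version": "11.1.0", "open_ports": [22], "mfa_enabled": False},
}
MFA_REQUIRED_TYPES = {"hmi", "workstation"}  # assumption: policy scope taken from the MFA tip


def find_deviations(baseline, current):
    """Return (asset, kind, detail) tuples describing drift, ordered by asset name."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            findings.append((name, "new_asset", "not in baseline inventory"))
        elif new is None:
            findings.append((name, "missing_asset", "in baseline but not observed"))
            continue
        else:
            if old["sw_version"] != new["sw_version"]:
                findings.append((name, "version_change", f'{old["sw_version"]} -> {new["sw_version"]}'))
            opened = sorted(set(new["open_ports"]) - set(old["open_ports"]))
            if opened:
                findings.append((name, "ports_opened", ",".join(map(str, opened))))
        # The compliance check applies to every observed asset, new or known.
        if new["type"] in MFA_REQUIRED_TYPES and not new["mfa_enabled"]:
            findings.append((name, "mfa_noncompliant", "MFA disabled"))
    return findings


def render_report(findings):
    """Format findings as one plain line per deviation for an alert or report."""
    return "\n".join(f"[{kind}] {asset}: {detail}" for asset, kind, detail in findings)


if __name__ == "__main__":
    print(render_report(find_deviations(BASELINE, CURRENT)))
```

An unapproved version change on a controller is reported as drift rather than silently accepted, which keeps update decisions tied to the inventory as the software-version tip recommends.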
Read these articles for even more information about cybersecurity:
How to Protect Your Business from Cybercrime
Making Sense of NIST & Cybersecurity Requirements for Maximo
Enjoy this insight about Cybersecurity Month 2024 from one of our contributing experts:
Bryan Christiansen, CEO and Founder of Limble CMMS
“Modern maintenance teams are increasingly transitioning from manual processes and on-premises software platforms to cloud-based, mobile-first Computerized Maintenance Management Systems (CMMS). Although the cloud offers enhanced security, it also comes with a new set of security considerations maintenance teams should be cognizant of when vetting new tools. Threat actors know that sometimes the best way to breach a high-value target is through its vendors and partners. These third parties often have access to internal systems or data but tend to be softer targets. And any breach among vendors or partners can compromise sensitive data, disrupt operations, and lead to significant financial and reputational damage.
Ensuring robust cybersecurity measures involves securing internal systems and thoroughly evaluating all vendors and partners. In recognition of Cybersecurity Awareness Month, I encourage all maintenance and operations teams to review the security practices, privacy and data protection policies, security certifications and incident response strategies of all vendors in their technology stack. When vetting vendors, including those providing CMMS, it is essential to ask key questions to ensure they meet stringent cybersecurity standards. These questions should include:
Security Culture and Employee Protocols
- Do you run background checks on all potential employees and contractors prior to hiring?
- How often do employees receive security training?
Operational Security Processes and Policies
- What cybersecurity frameworks and standards do you adhere to?
- How are user credentials managed and stored?
- What are your protocols for detecting and responding to security incidents?
Data Handling and Protection
- How is data stored, managed and protected?
- Is the data encrypted in transit and at rest?
Third-party Assessments and Certifications
- Can you provide evidence of regular independent security audits and compliance certifications?
- Is your company SOC 2 Type II certified?
- Do you conduct regular penetration testing?
Additionally, understanding their approach to third-party risk management and how they secure their own supply chain is crucial. By asking these questions, you can better assess the cybersecurity resilience of your vendors and partners, ensuring a more secure and reliable facility maintenance operation.”
References:
1) https://www.cisecurity.org/insights/blog/october-national-cybersecurity-awareness-month
2) https://www.cisa.gov/cybersecurity-awareness-month
4) https://www.industrialdefender.com/blog/cybersecurity-awareness-month-2024