Thursday, 10 October 2024
22.7 C
Durban

Why human assets are the key to protecting your company from cyber assaults

Home Engineering Automation & Control Why human assets are the key to protecting your company from cyber...
by Canninah Mapena

WHILE digital transformation and the move to the Connected Enterprise offer brilliant benefits to organisations – improved visualisation, better and faster data acquisition and processing, remote support, and informed decision-making – there is industry-wide concern that the “smart” enterprise is increasingly vulnerable.

More connected technology may mean more opportunities for cyber-attack. Add to the mix remote work, where employees are potentially working on their home or personal computers with insufficient anti-virus software, and the concern increases.

Bringing this into a manufacturing, process or mining environment, the threats presented by cyber-attacks go beyond malware, denial of service or ransomware and towards debilitating bugs and downtime. In a process operations context, risks include costly production stoppages and the potential for human harm.

One harrowing example was reported by the New York Times in 2018, where a petrochemical plant in Saudi Arabia was hit by a new kind of cyber-assault that was not designed to simply destroy data or shut down the plant. Investigators believe it was meant to sabotage the firm’s operations and trigger an explosion. Luckily, the attack was prevented by an error in the attacker’s coding.

While this is a rather drastic example, the message is clear: the risks are very real. So how can we go about protecting our Connected Enterprise?

The obvious option is to have trusted, high-quality, plant-wide industrial cybersecurity. To ensure our customers have access to this, Rockwell Automation recently acquired Oylo, an industrial cybersecurity services provider based in Spain.

Oylo is dedicated to providing a broad range of industrial control system (ICS) cybersecurity services and solutions, including assessments, turnkey implementations, managed services and incident response.

However, there is another element to consider when protecting your virtual and physical assets: your human assets. While many cybersecurity firms classify the “human aspect of cybersecurity” as a weakness or security threat due to the subjectivity of human behaviour, I am not a fan of this definition. It suggests that your own people are working against you, or don’t have company success in mind.

While it’s not impossible that deliberately malicious actors may exist within a company, logic would argue that an organisation’s own people surely prevent more attacks than they cause.

Think about it: whenever someone ignores a phishing email, they keep a network secure. When your colleague locks their computer screen before taking their lunch break, they prevent potential unauthorised access. When a staff member closes a website following a security warning, they are keeping your network secure.

At Rockwell Automation, we believe that your people can be your biggest defence. Humans have a unique ability to actively prevent attacks – it might just take some training and awareness. While digital skills are not particularly abundant in South Africa, this a showstopper.

In many cases, this can be easily rectified with some basic in-house training and perhaps annual cybersecurity workshops. This will go a long way in empowering your team to protect your company’s assets. It is worth investing some resources in upskilling and creating awareness in your team, as it will lead to improved business continuity and more resilient technological infrastructure, ensuring you maintain your company’s cutting edge.

Here are my five top tips when it comes to training your staff:

  1. Ensure your training initiatives are engaging. Blunt lectures aren’t memorable and won’t stick.
  2. Use practical examples to reinforce best practice.
  3. Hold regular refresher courses that explain new trends in cyber-attacks.
  4. Implement an incident-response policy so that staff are never in doubt about what to do in an attack scenario.
  5. Be the kind of manager your staff can approach if they have made a mistake and opened your business to risk.

As connected smart devices are introduced into the plant floor, having a comprehensive cybersecurity strategy that protects your operational technology and information technology is critical now more than ever before – and people are key in this strategy.

To be successful in your organisation’s journey to a Connected Enterprise, remember that your people are integral in this journey. Failing to consider their importance in keeping your environment secure and operational may see your company name in the next cyber-attack news headline.

Canninah Mapena is Managing Director, Rockwell Automation Africa

 

Most Popular

UKZN institute’s new high-tech rocket launch gantry a first for SA

ENGINEERS at the University of KwaZulu-Natal’s Aerospace Systems Research Institute (ASRI) have commissioned a new suborbital sounding rocket launch facility at the Denel Overberg...

State-owned energy company formed by merged subsidiaries

A POLICY statement by President Cyril Ramaphosa has resulted in the formation of a new state-owned petroleum company, the South African National Petroleum Company...

Time is running out on the 125% solar tax incentive

BUSINESSES that act quickly can still take advantage of the substantial 125% income tax incentive available for solar energy projects completed and operational by...

Diversified packaging group disposes of assets, refinances

NAMPAK Limited, the largest diversified packaging company in Africa, issued an update on Monday on key company developments including the asset disposal program and...