This week, we’re entering Cyber Awareness Month and celebrating 20 years of this amazing initiative, which the U.S. government launched in 2004.
First, it’s great to see the progress made. It’s hard to change people’s behavior, especially in cybersecurity, where adopting good security practices often means giving up some ease of use and speed of execution.
A good example is Multi-Factor Authentication (MFA), which is finally becoming pervasive in many applications, especially newly launched ones that are systematically making MFA mandatory. Consumers and professionals alike are also adopting MFA more broadly – for personal banking and other personal online applications. However, the cybersecurity ecosystem must continue to pressure old applications to upgrade and use MFA as a first critical step towards better cybersecurity.
MFA is only one of the Four Easy Ways promoted by CISA to stay safe online. Password management, phishing awareness, and software updates (patching) are equally important. On this last point, the debate over the best approaches to patching and to setting relevant priorities for fixing CVE-based vulnerabilities remains wide open, showing how much more work needs to be done.
CISA's recurring theme for Cybersecurity Awareness Month is “Secure our World.” This theme highlights the need to consider all aspects of our digital economy. Many sectors still need much help and work on cybersecurity.
At DeNexus, we have made it our mission to enable industrial corporations to take control of their industrial cyber risk. All the best practices that apply to a traditional IT world are relevant but must be adjusted for the constraints of an Operational Technology (OT) environment and Cyber-Physical Systems (CPS).
Upgrading OT environments and deploying modern technology to ensure the cybersecurity of factories, power generation sites, the energy grid, and data center facilities can be extremely daunting and costly. Equipment is expensive, and lengthy amortization timeframes govern upgrades. Maintenance downtime needs to be scheduled in advance and is costly; skilled staff need to plan travel to be on-site, and so on.
The status quo can become the easy answer, and too many cybersecurity leaders struggle to justify cybersecurity investments in industrial sites because of their inherent complexity and numerous roadblocks. Cybersecurity Awareness Month reminds us that the status quo is not an acceptable answer.
This is where DeNexus can also help. We look at cyber risk from the business angle, enabling cybersecurity leaders to translate cyber risk captured in technical terms such as CVEs or missing security controls into financial and business metrics that can be presented to decision-makers and used to justify investments.
You must act once you have identified and learned about the security gaps or weaknesses that represent the highest potential for damage and financial loss for your company.
DeNexus also helps once top risks are known. We suggest and run what-if analyses on risk mitigation strategies so that cybersecurity leaders can identify the best path forward and select the projects with the greatest return in risk reduction considering the project costs.
Cyber Awareness Month is a great opportunity to fight the status quo in cybersecurity for industrial environments. Whether you’re a site manager, a cybersecurity leader who’s recently been put in charge of OT cybersecurity, or a security practitioner curious about developing business metrics to articulate the value of your cybersecurity efforts clearly, contact us today at https://www.denexus.io/contact
DeNexus has been named a Cybersecurity Awareness Month Champion. Here are additional resources to get started on your journey towards better industrial cybersecurity.
- Download a sample of our executive report
- Discover the numerous use cases for measuring cyber risk in business and financial terms
- We support many industries: Manufacturing, Data Center Facilities, Power Generation, Electricity Distribution (T&D), and Transportation (Airport).