Australian organisations are no strangers to the consequences of a successful cyber attack. The system outages, financial loss, and reputational damage resulting from a ransomware infection or data breach are now part of the weekly news cycle.
But what is becoming an increasing concern is the potentially catastrophic impact of cyber attacks on critical infrastructure. After all, the consequences of such a breach go further than financial loss. They include the potential for prolonged outages of essential services and, subsequently, impacts on health, safety, and even national security.
We only have to look at recent global incidents to see why it is essential that industries and organisations urgently assess and uplift their cyber resilience.
As the lines between physical and digital disruption are blurred and attacks become more of an inevitability than a possibility, there is a growing need to shift from a preventative mindset to a more holistic, resiliency-based approach across people, process, and technology.
A holistic view of resilience requires a five-step approach:
Proactive assurance activities and security testing
Penetration testing - or hacking your own system - gives you the opportunity to find and fix weaknesses in a safe and controlled manner, with the right specialists involved, before cyber attackers do.
Establish an “OT Cyber Champion” or expand the role of the CISO
Having a defined cyber champion helps elevate cyber safety conversations across your engineering and operations workforce.
Go beyond natural hazards
Regularly practise cyber crisis response through exercises and drills. It is important that these are conducted with representation across all key business stakeholders, not just cyber security, as the dependencies and flow-on effects of cyber disruption are sometimes not understood until an incident occurs.
Bolster business continuity plans
Ensure business continuity plans cover scenarios for ransomware and system unavailability, including the links between mission critical systems and corporate systems.
Make measurement key
In order to improve resilience and sustain it, businesses need to accurately report on the risk landscape, including how risks are changing based on the steps being taken.
With experts in cybersecurity, industrial control systems, and business risk, PwC can bridge the gaps in your organisation, overcoming the silos that can impede the building of resilience.
If you or your organisation are looking to strengthen your cyber resilience, get in touch with us today.
Robert Di Pietro
Cybersecurity & Digital Trust Leader, PwC Australia
Tel: +61 418 533 346
Mike Younger
Partner, Cybersecurity & Digital Trust, PwC Australia
Tel: +61 490 093 981