Ursula O’Sullivan-Dale speaks to a roundtable of experts in cybersecurity to discover how the threat landscape has changed for firms and what they can do keep (cyber)safe…
As companies become increasingly reliant on digital and internet-enabled technologies, especially within the warehouse and throughout logistics processes, their vulnerability to cyberattacks increases. AAG IT, a UK-based computer support services provider, found that, in 2022, 39% of UK businesses reported experiencing a cyberattack and that cyber-crime cost UK businesses an average of £4,200.
These findings highlight just some of the difficulties firms experience when trying to navigate a growingly complex digital landscape, where potential threats come in many forms – from scam emails to lack of password management protocols. Such risks have been fuelled by an increasing number of people working from home after the pandemic, which makes both individual employees and employers more vulnerable through the introduction of unauthorised technologies and movement away from an organisation’s central cyber defence systems.
With the growing prominence of Industry 4.0 technologies across a range of industries, the need for organisations to prepare appropriately for cyberattacks and implement effective mitigation strategies has never been greater. With this in mind, Robotics & Innovation spoke to a selection of leaders from the world of cybersecurity to identify how businesses can embed cyber resilience throughout their organisation and workforce. These included: Micheal Jenkins, CTO of ThreatLocker; Gary Kinghorn, senior director of Nozomi Networks; Luca Rognoni, CSO and founder of YEO Messaging; and Rick Jones, CEO & co-founder of DigitalXRAID.
Q: How has the threat landscape evolved in recent years for those using digital or connected technologies? Are there any major trends organisations should look out for?
Luca Rognoni: The threat landscape has evolved dramatically in recent years due to new technologies like IoT, cloud services and deeply connected systems. This not only allowed new cyber threats to emerge but also expanded the attacking surface for existing threats. Some of the major trends an organisation should look at are IoT and remote or hybrid working. IoT – IoT is everywhere, in everyone’s home or in any type of organisation, providing new entry points due to new connected devices, data transmission, access points but also providing new pivoting points to reach internal networks or systems inside an organisation. Remote/hybrid working – After the pandemic hybrid or full remote working environment has increased and, though these types of working models provide great flexibility and cost efficiency for an organisation, they also provide an expanded attacking surface for an organisation, as the defensive network perimeter of the organisation extends beyond on-premises or cloud infrastructures to remote worker infrastructures and networks.
Rick Jones: The economic environment and way of doing business has radically shifted in recent years. Catalysed by the Covid-19 pandemic, businesses have been forced to rapidly digitalise, with expedited digital transformation projects and increased migration to the cloud, in an effort to maintain operations and drive business in a hybrid working world. Simultaneously, this has expanded the attack surface for bad actors to exploit. In the current economic climate businesses are operating on tight budgets. Dedicating sufficient resources to improving cybersecurity is therefore a significant challenge – especially for smaller organisations with even less investment to work with – all while IT and security teams are likely already overworked, with the cyber skills gap in the UK growing by more than 70% last year. Only by implementing proactive security measures to strengthen their cybersecurity posture can businesses mitigate attacks and deter bad actors.
Q: With the majority of cyber risks coming from human error, a key aspect of improving an organisations’ cybersecurity is prevention through training and awareness. How can education about threat mitigation offer firms protection?
Luca Rognoni: Any organisation needs humans to perform critical tasks – so people are part of a threat attacking the surface. An organisation’s security is only as strong as the weakest employee. For example, cyber threats that use social engineering techniques are often underestimated or overlooked. A threat starts with simple and common human interaction or routine tasks that don’t involve digital technology: tailgating, eliciting, pretexting, impersonation, phishing, scam etc. A trained employee at the front/help desk can recognise a threat at the very beginning, playing a crucial role as a first defence before the threat escalates. Deploying technology that helps employees to reduce their chances of making mistakes, defining clear policies with roles and responsibilities and determining procedures to properly escalate different situations are critical parts of an organisation’s information security programme – but they are only as effective as the level of awareness of the weakest employee involved.
Michael Jenkins: All staff need to be trained in cybersecurity and phishing awareness from enrolment and should take part in an annual refresher. Companies should also implement a cybersecurity strategy that limits access to data stores and applications – restricting user access levels, admin rights and privileged access – and opt for a solution that acts as a firewall at the endpoint level. This can block applications from communicating with others unless specifically allowed – preventing malicious software from sharing code or scripted instructions from spreading.
Rick Jones: For any organisation, its people are the first line of defence against potential data breaches. Although awareness training and simulations are a vital element of any mature cybersecurity strategy, humans are fallible. There is always a chance that a cybercriminal slips through an organisation’s frontline defences. The rise of phishing is proving successful for cybercriminals, with malicious emails sent to employees in the hope of gaining access to the organisation’s systems and IT infrastructure. Yet, the Department for Digital, Culture, Media & Sport’s (DCMS) 2022 Cyber Security Breaches Survey found less than 20% of businesses stated to have had training or awareness sessions on cybersecurity in the previous 12 months. Not only does the value of cybersecurity need to be instilled in employees, but the importance of cybersecurity training must be understood and then implemented across all organisations of all sizes.
Fundamentally, training and awareness programmes help to promote a security-first mindset across an organisation – from the frontline to the boardroom. Conducting frequent cybersecurity awareness training with a ‘little and often’ approach is advised, covering best practice like how to use strong passwords, keep devices secure and recognise phishing attacks. Regular phishing simulations are especially effective for helping employees defend against social engineering attacks.
Q: What are some of the preventative tools and technologies organisations have been or should be investing in to decrease the risk of cyberattacks?
Gary Kinghorn: Visibility plays an essential role in good cybersecurity hygiene in warehouses, and is why IT, IoT and OT systems must be seen as one entity. The adoption of security solutions that integrate IT, OT and IoT is essential for gaining a complete view of environments within warehouse automation systems, as they provide continuous monitoring and guard against vulnerabilities, threats and anomalies within the automation environment.
Michael Jenkins: There are various ways to safeguard an organisation’s IT environment. Implementing a ‘zero trust’ mindset within an organisation can protect a business from the weaponisation of trusted applications. Most cybersecurity tools have to recognise malicious files or behaviours to respond to such campaigns. This philosophy of ‘deny by default’ or ‘permit by exception’, means if even trusted software is breached, organisations are protected to the extent that even compromised software cannot run other files – including payloads like those delivered by the 3CX breach. These payloads simply are not permitted to execute.
Luca Rognoni: AI/machine learning is now part of many automated security tools and an important aid for Security Operations Centre (SOC analysts) looking to quicker examine massive threat intelligence and Indicator of Compromise (IoC) to improve policy response and detection. The ‘zero trust’ security model [also works] to secure networks and infrastructures. In this model, access is always verified, all the time, for all resources, it has many benefits compared to the perimeter-based security model, for example…it merges security and flexibility in cloud, hybrid or local network as it assumes that there is no traditional network edge.
Rick Jones: To really put themselves in the best defensive position against the expanding threat landscape, engaging with a trusted security partner is one of the best ways that businesses can bolster their cyber resiliency and reduce the likelihood of a breach. With the ever-expanding cyber skills gap and the economic squeeze on spending, expensive security tooling isn’t a viable option for most businesses. Security partners can offer independent advice and use the latest in innovative technology to conduct vulnerability scans and penetration testing to identify unknown weaknesses in security posture, giving in-house teams the time and support necessary to remediate vulnerabilities. Ultimately, for those attacks that do sneak through, introducing a managed service like an SOC will allow for a more holistic approach towards proactive cybersecurity protection for retail businesses.
Michael Jenkins: With so many tools available to businesses, it is easy to get overwhelmed when reviewing your cybersecurity strategy. To simplify this process, start with controls like application whitelisting; application containment; multi-factor authentication; firewalls; Privileged Access Management; storage control; and network access. As attacks become more sophisticated, it is important to have a third line of defence and remediation. This can be done with threat detection/operations software such as anti-spam/phishing; endpoint detection and response; managed detection and response that uses outsourced cybersecurity services; extended detection and response that detects threats and integrates multiple security products into a cohesive system; antivirus; and threat hunting, which actively searches for malicious software within an environment that may not have triggered any alerts.
Q: What are the major risks to businesses that do not acknowledge the growing significance of cybersecurity?
Michael Jenkins: With the national average IT defence spend still extremely low at 11.3%, it’s no surprise to see so many UK businesses falling under attack, the most prevalent dangers being password hacks, phishing, malware and internal breaches, as well as employee irresponsibility. The global economy has seen many SMEs cut back on defence resources – but this will only play havoc in the long run. Firms must be prepared to put money into their security systems, or they will ultimately end up paying a much higher price.
Luca Rognoni: Personal digital data is everywhere and constantly moving around the world through networks. A major risk for an organisation is the breach of rules and regulations that protect confidentiality, integrity and availability of this data, which lead to an escalation of financial losses, reputation, market share and customer trustiness.
Rick Jones: In this environment, cyberattacks are no longer an ‘if’ but a ‘when’. Businesses urgently need to find ways to proactively bolster their cybersecurity and mitigate against growing cyber threats. Falling victim to a cyberattack can be fatal for any business, with disruption and downtime posing both financial and reputational threats to brands. That’s not even taking into account the reputational risk of falling victim to a cyberattack, with the lost trust from customers and partners having a further detrimental effect on future business growth.
Q: Why is it important for organisations to create a cybersecurity risk management strategy?
Luca Rognoni: A risk management strategy is important because cybersecurity risks cannot be eliminated. A cyber risk is never removed or, quantitatively, reduced to zero. Knowing what cyber risks an organisation can face means being able to evaluate the impact on the organisation’s business and implement the correct risk management strategy: Accept, transfer, mitigate or avoid the risk. A correct risk strategy reduces the likelihood of cyberattacks and minimises the impact of any incidents that do occur. A cybersecurity risk management strategy is part of the risk assessment process, which is the macro-level process of assessing, analysing, prioritising and making a strategy to mitigate cyber threats. It’s an iterative process that involves several processes: risk assessment, risk analysis, risk management strategy, monitoring and starts with an assets inventory. To be able to assess risks an organisation must build a comprehensive assessment of the organisation’s assets, including information, systems, processes and personals.
Rick Jones: With threats increasing in both scale and sophistication, it’s imperative that businesses have an effective cyber security strategy in place. With a Cybersecurity Maturity Assessment (CMA), any organisation can confidently navigate through digital transformation projects and business growth with a clearly defined risk management plan. To protect the business and get a full understanding of inherent risk profile and current security posture, organisations should conduct a CMA to evaluate operational resilience and cyber security procedures aligned to the National Institute of Standards and Technology (NIST) Framework. The NIST Cybersecurity Maturity Framework comprises five key domains: Identify, Protect, Detect, Respond and Recover. Resilience indicators in the CMA report will highlight weak areas with guidelines for improvement that delivers a future cybersecurity roadmap. By focusing on risk reduction and increased cyber maturity, businesses gain a coherent cyber security strategy aligned to strategic business goals.
Gary Kinghorn: With the rise of IoT and Industry 4.0, a wave of adoption of IT and IoT solutions at all levels of warehouse architecture poses a serious cybersecurity issue. The end goal of cybersecurity strategy, especially when it comes to automating warehouses and adding to the connectivity of any environment, is ensuring operations are protected from cyberthreats and resilient in the face of an attack. That’s why it’s important to have complete and continuous visibility. After all, as the saying goes, ‘You can’t protect what you can’t see.’ And it is not just about visibility related to physical surveillance, but to all the potential cyber entry points that an attacker can exploit to establish a beachhead within a building or its systems.
Q: 3PLs and other firms working throughout the supply chain rely on large quantities of data for their daily operations. Why are these organisations especially at risk of cyberattacks?
Rick Jones: Ransomware attacks on supply chain organisations such as Kojima Industries and SolarWinds are increasing, highlighting the key vulnerability of supply chains as cybercriminals look to leverage them to access their wider network. Supply chains must recognise the importance of a strong cybersecurity posture and understand the risks of being part of a supply chain. Supply chains will continue to be a huge target for hackers, and the levels of cybercrime in the UK show no sign of abating. These risks can be mitigated, but this must be done proactively and holistically to always stay one step ahead of bad actors.
Michael Jenkins: As various functions of a business become stretched, outsourced and spread wide, [as is seen in the supply chain or] into remote working employee’s homes, it’s more important than ever for businesses to understand the weaknesses within their systems and work to build a cybersecurity system that mitigates these risks.
Luca Rognoni: Supply chains represent an extension of the organisation’s attacking surface, which are difficult to manage as they extend outside of the organisation’s direct control. This makes them a preferred target for cyberattacks, with many attacking entry points along their long and intricate supply chain: humans, logistics, data transferring, outsourcing services, lack of compliance and lack of supply chain full visibility. In a supply chain, vulnerabilities often are inherited or added into the existing organisation. Assessing risk in a supply chain and improving it as your supply chain changes is critical – [firms need to] be prepared to respond to a supply chain incident.
Q: With the rise of Industry 4.0 and increased use of robotics, digital and connected technologies throughout the warehouse, cybersecurity has become a much more important part of effective warehouse management than in previous years. How does protecting these technologies ensure operations remain as efficient as possible?
Luca Rognoni: IoT, AI, connected devices, sensors and automation provide improvement costs, agility and efficiency throughout the warehouse, as long as they are secure. They represent points of failure due to having their own attacking surface and entry points. Preventing or detecting cyberattacks reduces downtime, ensuring data integrity can enhance maintenance prediction; avoiding disruption, secure data monitoring and analysis all improve warehouse agility. Orchestration is bringing automation to a next level in terms of efficiency and flexibility but also in complexity and connectivity. To prevent cyberattacks and maintain robotic safety, manufacturers and customers need to be aware of the possible security threats.
Gary Kinghorn: A system that prioritises risk, with actionable intelligence and remediation playbooks, helps to keep every warehouse facility safer in an efficient and systematic way. If problematic network changes need to be analysed over time or require rapid incident response performance, robust forensics and the availability of effective query tools accelerate repair. For warehouses, this translates to reliable operations and maximised uptime.