Published on July 5th, 2018 | by Mourad Khalil0
CYBER RESILIENCE THROUGH RISK PROFILING
With cyber-crime activity on the increase across the world, Australian businesses need to be scrutinising their business systems, technology assets and security posture and maturity, and look for ways to be on the front foot of mitigating any potential cyber-attack.
Titan ICT was recently engaged by a client, who has multiple business units that operate independent Operational Technology (OT) environments, to undertake an independent OT cyber risk profile.
The client, through its internal corporate IT and Security divisions, had completed OT security risk assessments across each of the OT business units. To delve deeper into their findings, the client opted for an engineering perspective and sought independent advice for the best approach to address the identified risks and make strategic security improvements within the OT realm.
As part of our charter, Titan ICT’s Technology Risk team evaluated and amalgamated the client’s data to produce an all-encompassing risk profile integrating each of the OT environments.
Titan ICT’s approach included:
- The formulation of a high-level methodology to tackle the sheer volume of risk labels;
- An analysis of each individual report to draw out the risks across each division, and categorise each accordingly;
- A high-level view that correlated all risks against categories to determine whether those or similar risks were present in the other business units; and
- The development of a consolidated risk perspective for the companies entire OT environment which included work packages and/or sub categories for the risk.
Through the process, twenty or so risk scenarios were identified, generating over 110 recommendations for resolving the risks. These were grouped into work packages making for an effective, prioritised and systematic programme of work.
People, Process, Technology
While the majority of the outcomes were technology-focused, Titan ICT’s relational eco system assessed all factors across people, process and technology. As a result, many of the recommendations focused on, and aligned, people and process to maximise the company’s existing technology assets.
Through effective collaboration with the corporate IT and OT teams, we were able to streamline multiple packages of work into one consolidated programme. This resulted in work packages that reduced business risks and the level of capital outlay required for the security improvement project.
Titan ICT was retained to provide expertise for the client’s cyber remediation programme to minimise its exposure to emerging risks and become more cyber-resilient, and this was done through a unified approach which resulted in cost savings to the business.
Traditionally, cyber security within OT environments has not been a necessity for many organisations. However, with the convergence of IT/OT and the Internet of Things driving business improvement, cyber threat assessment has become a priority for many businesses, and rightly so.
Along with our Technology Risk advisory, Titan ICT also offers a Security Manager as a Service for businesses who do not have the inhouse resources or expertise to undertake a technology risk assessment of this calibre. Solutions can be tailored to your specific needs or choose from our cost-effective packages.
For more information, email Mourad Khalil or call on +618 6145 2222 or download the brochure.