ABB’s virtual summit warns against complacency on cyber attacks

Over 800 cyber security delegates attended the Ransom-Aware OT Defence Summit in April, organised by ABB in partnership with the global technology advisory board Industry IoT. The event focused on strategies to reduce risk of ransomware attacks and identify security threats to critical infrastructure. During the event, ABB launched its ‘Defense in Depth’ playbook.

The World Economic Forum’s Global Cyber Security Outlook 2022 reveals that 80 percent of cyber leaders believe ransomware is a dangerous and evolving threat – with 50 percent indicating it is one of their greatest concerns when it comes to cyber threats.

“The likelihood of being attacked is no longer a matter of ‘if’ but ‘when’. Being complacent when it comes to cyber security can be as dangerous as an attack itself, and not being prepared is no longer an option,” said Ragnar Schierholz, global cyber security portfolio manager at ABB.

During the event, ABB launched its ‘Defense in Depth’ playbook which includes a recommended risk reduction roadmap for customers and outlines strategies that leverage multiple security measures and defensive mechanisms to protect systems and data from vulnerabilities.

“Defense in depth is a tried and tested strategy that can be universally applied to reduce cyber risk,” said Joseph Catanese, cyber security practice lead at ABB and author of the playbook. “We have created a guide that shares examples of best practice, with a focus on reducing the surface area of vulnerability. To explain it better, let’s visualize a dartboard which represents all the openings an attacker can use to access a machine or system. Each dart that lands on the dartboard is a successful attack. The larger the dartboard, the higher the probability that a dart will stick to the board. However, reducing the surface area will make it more difficult to successfully land on the board.”

The efficacy of the defence in depth methodology has been widely acknowledged. The National Institute of Technology (NIST) recommends using it from the very start through to the design of security and privacy architectures. The International Society of Automation (ISA) refers to it as a superior approach to achieving security objectives.

“This methodology will help organisations find the best approach to industrial cyber security, to successfully reduce risk of cyber attacks, and therefore downtime, while enabling digitalisation,” said Curt Dukes, executive vice president and general manager at the Center for Internet Security (CIS).

ABB’s summit brought together industrial cyber experts and technology leaders from companies including IBM, Cisco, Boston Consulting Group, Johnson Matthey, BASF Digital Solutions, Norsk Hydro and Boliden.

“Our research shows we still have a lot of work to do to secure our modern connected society, but also that we can’t ‘do it all’ and so need to choose wisely where our focus goes. What is clear is that everybody has the same fear, uncertainty and doubt around what we do not know, and about which doors and windows of their technology castle have been left open,” said Derek Harp, founder and chairman of the Control System Cyber Security Association International (CS2AI), who attended to unveil the second annual Control System Cyber Security Report.

Click here to download ABB’s “Defense in Depth” playbook