Schneider Electric’s Guide to Cybersecurity

“In the same way, the processes are often complex and complicated and are often not fully documented, audited or followed up accordingly. It is also challenging to review and update them regularly, which is especially true when there is a wide range of legacy operating systems on site and a constant need to adhere to multiple industry standards and regulations”

 Telco and Cloud Account Manager for the Caribbean in Schneider Electric, Héctor Martínez, commenting on Cybersecurity.

Consider that you live in the United States and that, after waiting in a long line to buy limited gasoline (the result of a cyberattack), you decided to go to the supermarket for meat for the special weekend meal.

However, you found that hackers attacked the world’s largest meat supplier, halting operations and skyrocketing prices, reducing availability. Or maybe imagine that you live in Ireland and your urgently-needed medical records are stuck because the Irish healthcare system has been hacked.

The target of the attackers can vary: an oil pipeline, a media giant, a technology company, the city’s transit system. The consequences?

If you take a good look at it, it can go from a missed medical appointment to a long line to get gas in your car, a menu change or a shutdown of the entire transportation industry. Everything is possible when we talk about cyberattacks.

Let’s look at recent and close data on this problem: FortiGuard Labs indicates that, during the first six months of 2021, the Dominican Republic received 196 million attempts at cyberattacks. Meanwhile, Puerto Rico suffered more than 187 million attempted cyberattacks in the first half of 2021, according to the company specialized in cybersecurity Fortinet.

Cybersecurity – Learn to manage cybersecurity risks

“Taking a single, holistic approach to cybersecurity to improve the way companies detect, mitigate and respond to cybersecurity threats throughout their lifecycle is challenging. From an individual perspective, due to an aging workforce, COVID-19, and other factors, many companies simply do not have the skills, resources, or budget to train their existing staff or the cyber-informatics experts on it. In addition, they may lack the technical experience necessary to select, implement and maintain their cybersecurity applications,” says Héctor Martínez, Telco and Cloud Account Manager for the Caribbean in Schneider Electric.

Technology is definitely a problem. Many large companies struggle to maintain the complex mix of security systems, networks, and applications they have installed from different vendors, some of which run on different platforms. This is expensive and time consuming, and limits your ability to adapt to the dynamic nature of the cybersecurity environment.

So how can companies, regardless of their size and maturity, manage cybersecurity risks without jeopardizing their convergence of IT / OT and digital initiatives?

Establish a cultural mindset that embraces cybersecurity

Integrate cybersecurity into the life cycle of employees. From hiring and onboarding to employee development and succession planning, education, awareness and training – all are critical. By holding everyone, anywhere, accountable for cybersecurity, employees can move from simply performing their traditional tasks to acknowledging that implementing and adhering to good cybersecurity practices is now part of their core responsibilities.

Implement security controls that align with best practices and standards

When it comes to the technology that you already have in place, always make sure you have things like network segmentation, endpoint protection, central authentication, central patch management, and other good practices in place.

You should also regularly maintain and test your backup infrastructure. Consider things like intrusion and anomaly detection, use of allowed/ blocked lists, and memory-based protection for your host system.

Choose the right solutions for your unique environment

Cybersecurity is not a one size fits all solution. Work with your suppliers to understand exactly what you need. For example, cybersecurity consultants at Schneider Electric recently helped a customer implement a solution that was perfectly suited to their unique environment.

The client was struggling to find a simple and effective way to understand and manage their cybersecurity threats. They considered implementing a complex information and security event management system, but it would have been costly and time consuming. Also, it was too much for what they really needed.

After consulting them, we provided a simpler and more scalable solution for targeting priority assets and risks, with a console to visualize risks. Plus, it being a scalable solution, allows them to expand as their environment changes and grows, meaning they can keep up with the changing dynamics of cybersecurity.