In June 2020, Australian beverage company Lion was hit by a ransomware cyber-attack. IT systems were shut down and brewery operations disrupted for more than three weeks. The story of how Lion responded to the attack and worked to become a much more cyber resilient company was related by information security director Jamie Rossato, who presented with Vijay Vaidyanathan, regional vice president at Lion’s cybersecurity partner, Claroty, during the Industrial Cybersecurity session at the ARC Asia Forum 2022.
Looking back on the post-attack period, Mr Rossato, who joined Lion after the cyber incident, said that interviewing executives and managers across the organisation revealed low awareness of the cyber risks facing the organization. To address this, cyber risk was broken down into multiple components, for example, by defining the threat actor, threat action and business impact that could constitute a disruption to operations or a compromise to safety or product integrity.
“It is also really important to get a clear-eyed visibility of your environment: IT, OT, what’s on premise, what’s off premise, etc.” he advised. “And this is what we’ve been doing a lot of over the time I have been at Lion. It takes time to have informed conversations, with both IT and OT colleagues, but we’ve now developed a common view of our systems and networks and also improved cooperation between personnel. The result is much greater clarity on the cyber risks we face.”
Taking a step back, Claroty’s Vijay Vaidyanathan noted that the hyper connectedness and extended IoT (XIoT) associated with digital transformation, which is accelerating as industrial companies strive to improve productivity, agility, efficiency and safety, is making systems more vulnerable to attack. The inherently insecure nature of most cyber-physical systems, along with the trend towards remote access and operations, only serves to increase that vulnerability.
Echoing Jamie Rossato’s emphasis on visibility, Mr Vaidyanathan said it is critical to get a full and complete picture of the organization’s cyber assets. Where are they located? How are they connected? What kind of communication are they having with one another? This is the Reveal stage of the four-pillar framework that Claroty uses to help clients successfully complete the industrial cybersecurity journey.
After Reveal comes Protect ‒ putting in technology such as zero trust based Secure Remote Access to control user access to the network; Detect ‒ using solutions such as Continuous Threat Detection to rapidly identify and alert on malicious activity; and finally, Connect ‒ which is about integrating industrial cybersecurity with the rest of the business.
Shared Context, Conversation Culture
More than two years on from the attack, Lion’s information security director believes that while work is ongoing, especially in some of the smaller breweries that do not have quite the same level of visibility, the company has become a far more cyber resilient organization. Aside from greater understanding of cyber risks and the enhanced visibility facilitated by adoption of cybersecurity technology, developing shared context, investing in people, and establishing a culture of conversation have all been instrumental in getting to that heightened level of resilience.
Reminding the audience that amidst a very active threat landscape the cybersecurity journey for many companies is just beginning, Vijay Vaidyanathan said that Claroty’s knowledge of operational environments and its platform of flexible offerings make it an effective partner for clients looking to reduce the increasing risks to cyber physical systems and the eXtended IoT.