By Canninah Mapena, Managing Director, Rockwell Automation Sub-Saharan Africa
While digital transformation and the move to the Connected Enterprise offer brilliant benefits to organisations – improved visualisation, better and faster data acquisition and processing, remote support, and informed decision-making – there is industry-wide concern that the “smart” enterprise is increasingly vulnerable. More connected technology may mean more opportunities for cyber-attack. Add to the mix remote work, where employees are potentially working on their home or personal computers with insufficient anti-virus software, and the concern increases.
Bringing this into a manufacturing, process or mining environment, the threats presented by cyber-attacks go beyond malware, denial of service or ransomware and towards debilitating bugs and downtime. In a process operations context, risks include costly production stoppages and the potential for human harm. One harrowing example was reported by the New York Times in 2018, where a petrochemical plant in Saudi Arabia was hit by a new kind of cyber-assault that was not designed to simply destroy data or shut down the plant. Investigators believe it was meant to sabotage the firm’s operations and trigger an explosion. Luckily, the attack was prevented by an error in the attacker’s coding.
While this is a rather drastic example, the message is clear: the risks are very real. So how can we go about protecting our Connected Enterprise?
The obvious option is to have trusted, high-quality, plant-wide industrial cybersecurity. To ensure our customers have access to this, Rockwell Automation recently acquired Oylo, an industrial cybersecurity services provider based in Spain. Oylo is dedicated to providing a broad range of industrial control system (ICS) cybersecurity services and solutions, including assessments, turnkey implementations, managed services and incident response
However, there is another element to consider when protecting your virtual and physical assets: your human assets. While many cybersecurity firms classify the “human aspect of cybersecurity” as a weakness or security threat due to the subjectivity of human behaviour, I am not a fan of this definition. It suggests that your own people are working against you, or don’t have company success in mind.
While it’s not impossible that deliberately malicious actors may exist within a company, logic would argue that an organisation’s own people surely prevent more attacks than they cause. Think about it: whenever someone ignores a phishing email, they keep a network secure. When your colleague locks their computer screen before taking their lunch break, they prevent potential unauthorised access. When a staff member closes a website following a security warning, they are keeping your network secure.
At Rockwell Automation, we believe that your people can be your biggest defence. Humans have a unique ability to actively prevent attacks – it might just take some training and awareness. While digital skills are not particularly abundant in South Africa, this a showstopper. In many cases, this can be easily rectified with some basic in-house training and perhaps annual cybersecurity workshops. This will go a long way in empowering your team to protect your company’s assets. It is worth investing some resources in upskilling and creating awareness in your team, as it will lead to improved business continuity and more resilient technological infrastructure, ensuring you maintain your company’s cutting edge.
Here are my five top tips when it comes to training your staff:
- Ensure your training initiatives are engaging; blunt lectures aren’t memorable and won’t stick.
- Use practical examples to reinforce best practice.
- Hold regular refresher courses that explain new trends in cyber-attacks.
- Implement an incident-response policy so that staff are never in doubt about what to do in an attack scenario.
- Be the kind of manager your staff can approach if they have made a mistake and opened your business to risk.
As connected smart devices are introduced into the plant floor, having a comprehensive cybersecurity strategy that protects your operational technology and information technology is critical now more than ever before – and people are key in this strategy. To be successful in your organisation’s journey to a Connected Enterprise, remember that your people are integral in this journey. Failing to consider their importance in keeping your environment secure and operational may see your company name in the next cyber-attack news headline.
About Canninah Mapena
Canninah Mapena is the MD and Country Sales Director for Rockwell Automation Sub-Saharan Africa, where she leverages her experience doing business on the continent to grow the footprint of the company and introduce new industries to the benefits of the Connected Enterprise. Canninah’s background lies in both business and engineering. She holds a Bachelors’ degree in Business Administration from the University of Johannesburg, as well as an Electrical and Electronics Engineering degree from the University of the Witwatersrand. With a people-centric approach to business, Canninah leads with confidence in her team and the drive to meet customers’ needs. She believes that technology is an enabler of great progress, while people are form the core of any successful solution.