Industry Talk: Modern Aspects of Industrial Cyber Security / First Watch Approach

13 May 2022 2:10 PM - 3:00 PM
Presenter/Speaker: Alex Ladur, CTO, First Watch
Location: G.1.15

The goal of hackers is to take control of an organisation’s resources. Depending on their motivation, they will either sell acquired credentials on the Dark Web or use them to encrypt computers and extort money, as in case of Waikato District Health Board in 2021.
Critical infrastructure organisations attract special interest from hacking groups due to the scale of the potential negative outcomes. State-sponsored teams actively try to conduct reconnaissance attacks to gather sensitive information and use it to achieve control over a critical resource.
Causing harm to the population of a town, city, or large geographic area by poisoning the drinking water supply is a high impact example of a critical infrastructure attack. In the case of a Florida Treatment Plant in 2021, an outdated version of Windows (operating system) and a weak cyber security network allowed access to the treatment plant’s computer system and the manipulation of chemical levels in the drinking water which if not detected would have been catastrophic for the local population.
Cyber attacks have reportedly increased across OT/ICS organisations by 80% in 2021 (Claroty report). Recovery from a cyber-attack is estimated to cost between USD3.2m and USD4m (IBM 2020 estimates) on top of any ransomware costs paid and the risk of national infrastructure shutdowns, economic production and risk to life and wellbeing.
In the light of recent significant cyber-attacks, it’s obvious that cyber security must be addressed in any organisation. The question is where to start?