What to consider when budgeting for 2023’s OT cybersecurity needs and wants
Regardless of what 2023 holds in store for the economy, your organization’s financial commitment to supporting OT cybersecurity efforts is being decided now.
In the public sector, much of the funding needed to secure critical infrastructure has already been allocated. But in the private sector funding is far from guaranteed. So how do you maximize your efforts, considering the current economic uncertainty and your need to protect assets?
Weighing your options
Option 1: Do nothing
If your organization has not yet begun its digital revolution, you may choose to continue as-is, relying on manual tasks or machines that have no internet connectivity.
From the board’s perspective, if 2023’s financial outlook seems uncertain, perhaps this is not the best time to invest in the costly modernization of the production lines and the related comprehensive cybersecurity solution.
In this scenario, it is still important to note that any connected device, including small IoT devices, must be secured. One hacked network device provides access to all other devices that have trusted the same network. So, make sure that you review your existing architecture and verify that the required cybersecurity controls are in place.
Option 2: Full steam ahead
Will holding back the tide of your digital transformation cost your organization money? After all, the reason you digitized in the first place was to streamline processes, making more room for profit-generation operations, such as greater production or significantly lower operating and utility costs. For example, the ROI on deploying energy-saving IoT solutions has become even clearer as energy prices increased dramatically.
Those who decide to proceed with the digital transformation plans should do so with caution. Consider:
1. Automation expands the cyber perimeter. Make sure that you deploy OT-specific cybersecurity tools that can allow you to protect your cyber perimeter and detect any anomalies in the internal OT network without impacting the operation.
2. Optimize cybersecurity:
- a. Run breach and attack simulations to understand what are your defensive priorities. This is ideal if you have the budget and can hire an in-house team.
- b. Identify the business impact of each vulnerability and then prioritize your security controls according to the tolerable business risk.
Option 3: Make more with less
Across industries, we have witnessed large pressure from boards and C-level executives to reduce costs throughout their company, keeping only what is mission critical.
If your organization’s digital revolution can be delayed, consider that:
1. Fewer connected devices and sensors mean a smaller perimeter to protect since there are simply fewer devices to hack.
2. Cybersecurity-as-a-Service – Instead of purchasing OT cybersecurity tools and struggling with their deployment and operation, outsource IT security efforts to a managed security service provider (MSSP). Here, the costs are less, and your commitment is relatively short. At the same time, you must also keep in mind that an internal team will be needed sooner than later, and that when a team is kept in-house, so is the knowledge.
Cybersecurity is not a luxury, but a must-have
Both your CEOs and the board know cybersecurity is needed, but that doesn’t mean you won’t be expected to justify your budget. Be prepared to answer what’s in your network, where the weaknesses are, and a clear roadmap on how to prioritize and fix them and secure your network. Make it painfully obvious. Be prepared to break it down piece by piece as it relates to business goals. Don’t assume they understand the task at hand or the urgency.
Ultimately, understanding your department’s critical needs and aligning them with your company’s roadmap is the only way for the board, C-level executives, and your team to be aligned.