Cyber Security in the Spotlight
Digitalisation holds the key to boosting efficiency and reducing costs. It’s also the key to survival as businesses race to adapt in the face of continuing Covid disruption. According to Microsoft’s CEO Satya Nadella, the first two months of lockdown saw uptake of digital technologies that would otherwise have taken two years.
While digital technology delivers real benefits, it must be carefully managed if new cyber security risks are to be avoided. Research shows that industrial systems – including smart supply chains and the Industrial Internet of Things (IIoT) – are emerging as top targets for hackers.
The growing complexity of industrial systems adds to the risks. Factors include increased connectivity between businesses and their industrial partners, greater reliance on remote working, the proliferation of connected devices, and the growth of Operational Technology (OT) – the use of computers to monitor and control industrial processes.
All of this dramatically increases the “attack surface” – the number of physical and logical points where systems can be infiltrated by malicious actors.
Danger: hackers at work
Exposure to ransomware is one of the principal dangers facing industrial companies and attacks are increasingly common. In a ransomware attack, computers and servers are infected with malware that encrypts data to prevent access until a ransom is paid. Attacks may also be accompanied by threats to release sensitive data.
Research by IBM shows that the average cost of a ransomware attack was US$4.44 million (€3.76 million) in 2019/20. But the impact in individual cases can be much higher: a ransomware attack on one major European industrial business in 2019 cost more than €40 million. Not surprisingly, Europol recently highlighted ransomware as potentially the biggest cyber threat and a priority for investigators across the EU.
Money is not the only motivation. Some hackers want data. Cyber espionage – using computers to gain illicit access to confidential information – is on the rise. Intellectual property, trade secrets and other commercially-sensitive data are prime targets. Research by Verizon shows that 25% of data breaches are motivated by espionage.
Sabotage is also a major concern. Attacks are intended to disrupt operations and can be life threatening in some cases. Threat actors are often powerful and well-resourced. ENISA, Europe’s cyber security agency, warns that attacks sponsored by nation states on the Industrial Internet of Things are increasing across key industrial sectors. Attacks may be politically or ideologically motivated.
The consequences of an attack of any type can be devastating. Dealing with the aftermath of a breach is always expensive and disruptive. But there are often legal consequences as well, particularly if personal data is compromised under GDPR or if the target is bound by cyber security regulations, such as the EU’s NIS Directive. There are also reputational impacts if breaches are not effectively managed.
These effects are amplified by the fact that it can take months to detect a breach. This point is underlined by research from IBM, which shows that it took an average of 302 days to identify and contain a breach in the industrial sector in 2019.
average cost of a ransomware attack in 2019/20
days to identify and contain a breach in the industrial sector in 2019
of malicious actors are connected with nation states
of data breaches are motivated by espionage
By your side
Cyber security is a strategic priority for Nexans. As a leading cable manufacturer, it is vital for us to maintain continuity of supply to our customers and to ensure that our operations and data are kept secure at all times.
Nexans is also a leading provider of digital services and solutions. The solutions we offer are increasingly connected and in some cases, they are embedded in our customers’ IT infrastructure.
Maintaining rigorous standards of cyber security is therefore of the highest importance. Trust is key. So how do we achieve this?
First, everything we do is underpinned by the principle of Security by Design. This means that every service and solution we offer has been developed with security in mind from the very earliest stage.
Second, we perform rigorous cyber security evaluations on all of our key assets and processes, both internal and external. This includes regular security testing of our digital solutions and services. And thanks to our Security Operations Centre, we are able to provide real-time monitoring of both our internal operations and the status of the digital services we provide for our customers.
Third, we know that cyber security is as much about people as it is about systems. That’s why everyone at Nexans has cyber training, from the boardroom to the factory floor. This is key to adapting everyone’s mindset to new threats and new ways of working. Our e-training programme ensures that our people are able to detect and react to cyber threats. We have made our cyber awareness training mandatory for all employees.
All of these activities contribute to increasing our overall security maturity level and to providing our customers with peace of mind, now and for years to come.
Select your country to find our products and solutions