May 23, 2023
BUILDING RESILIENCY: THREE CORE ACTIONS TO CREATE STRONGER CYBERSECURITY
By Ray Texter, Chief of Information Security at Texas United Management Corporation (TUM)
Security leaders in the manufacturing sector are tasked with being proactive and maintaining the highest level of visibility and control to balance security and functionality and align with business objectives. In particular, manufacturers are increasingly the target of ransomware cyberattacks that lead to costly project delays and expose proprietary information shared across joint venture partnerships, customers, suppliers, sub-contractors and more. Successful attacks unfold in mere hours from initial access to data exfiltration and ransomware deployment, making the time to detect and time to contain key factors in building an effective cybersecurity program. Unless you’re prepared to defend against ransomware, these attacks result in your organization being locked out of critical systems and applications for days and weeks. In many cases, the resulting downtime can cost organizations upwards of $225,000 daily.
Texas United Management (TUM) is the shared services provider for United Salt Corporation and other group companies. We provide finance, human resources, legal, information technology and other essential services that these companies need to operate. In the course of our work, we interact with customers, suppliers, employees and contractors on a daily basis. Critical to our success in supporting our client companies, and every stakeholder we work with, is having strong cyber defense programs in place. With 17 locations across our portfolio, lateral movement of a cyberattack can happen swiftly, making it more difficult to mitigate the risk. At a company like TUM, we run 24 hours a day, seven days a week, three full rotating shifts, and are in M&A mode. Throughout my career and at TUM, we’ve identified three core areas critical to our protection and resiliency.
1. Find the Right Cybersecurity Partner
Even with years of cybersecurity planning under my belt, I knew there was no way I could keep our company’s operations and information safe on my own. Outsourcing security operations to a partner who can manage, detect and respond to threats and anomalies can drastically improve an organization’s security posture and cyber resiliency. This is particularly important when considering challenges such as the cybersecurity skills gap and growing data problems (remote users, cloud, etc.), all compounded by the rapidly evolving threat landscape. But finding a long-term partner that is a good fit for your business takes some deep dive shopping techniques. My tips on what to look for in a partner:
- Look at people and process first and foremost. You can assume they may understand the technology, but that only fixes maybe 20 percent of the problem. The people on the team and the processes the security company employs are what make a partnership work.
- Ensure they understand your business model. A salt mining company differs in many ways from the petroleum industry or parts manufacturing. A cybersecurity partner needs to be willing to learn and adapt. Ask them to present a mock incident scenario to you: what does an escalation look like? How would they work with your team to keep them focused and help you provide updates to the leadership team?
- Reference check. As when hiring anyone, insist on talking with some of their customers. Customers won’t hold back regarding issues or needs.
- Do some research on your own. I suggest checking out, for example, what Gartner Research Group says about various Managed Detection and Response (MDR) companies. In particular, the “R” is critical. How are companies ranked and why?
- Find a partner that can grow with you and not just react to the “problem of the day.” Together, a good partnership with the right cybersecurity organization can help you change your business from the bottom up, creating longer term resiliency.
2. Have a Strong Incident Response Plan
To survive any “disaster,” a team must be prepared, practiced, and poised. This can only happen if your Incident Response (IR) plan is written in precise, clear language detailing step-by-step actions and assignments. Having a ‘ready for anything’ mentality that accounts for the unknown minimizes the impact on the business. Secondly, drill your team. Hold mock situations so the team physically practices responding to a cyberattack. Muscle memory could mean the difference between quick, decisive action during a crisis and a “deer in the headlights” response. And even if your IR plan is 80 percent ready for most situations, you should lean on your cybersecurity partner to pick up the slack. Resilience is defined as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” While a good IR plan anticipates issues, two other parts of the package are particularly critical: adaptation (conducting post-mortem analyses to identify lessons learned and make appropriate people, process, and technology changes) and evolution (today’s solutions may not solve tomorrow’s problems, so we must constantly challenge our way of thinking and evaluate whether we’re solving or prioritizing the right problems the right way).
3. Segmentation of Networks
Segmentation of networks – putting barriers between an organization’s operational and enterprise networks – has become a fundamental industry best practice, especially in today’s distributed workforce. Network segmentation allows network administrators to control the flow of traffic between subnets, improving monitoring, boosting performance, localizing technical issues, and – most importantly – enhancing security. The use of network segmentation strategies such as guest-only networks and strict user group access rules helps to manage the specific user permissions for data access. For example, you can allow users to access the network resources they need to carry out their duties but restrict access to mission critical systems or sensitive data.
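To make the idea concrete, here is an added example (not from TUM's environment) that audits observed flows against a default-deny segmentation policy built from enterprise, operational and guest segments plus user group rules. The subnet ranges, group names, ports and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed segments (assumption): the article names operational and
# enterprise networks and a guest-only network; the ranges are illustrative.
SEGMENTS = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "operational": ipaddress.ip_network("10.20.0.0/16"),
    "guest": ipaddress.ip_network("10.30.0.0/16"),
}

# Default deny across segments: only these (group, src, dst, port) tuples pass.
# Group names and ports are hypothetical.
ALLOWED = {
    ("ot-engineers", "enterprise", "operational", 443),
    ("guests", "guest", "external", 443),
}

def segment_of(addr):
    """Map an IP address to its segment name, or 'external' if none matches."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"

def evaluate(flow):
    """Return (verdict, reason) for one (group, src_ip, dst_ip, port) record."""
    group, src_ip, dst_ip, port = flow
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src == dst:
        # Segmentation only governs traffic that crosses a boundary.
        return "allow", "intra-segment"
    if (group, src, dst, port) in ALLOWED:
        return "allow", f"{group}: {src}->{dst}:{port} rule"
    return "deny", f"{group}: {src}->{dst}:{port} has no allow rule"

def violations(flows):
    """List the flows the policy denies, with the reason, for review."""
    results = [(flow, evaluate(flow)) for flow in flows]
    return [(flow, reason) for flow, (verdict, reason) in results if verdict == "deny"]

# Constructed flow records, e.g. exported from a firewall or flow collector.
FLOWS = [
    ("ot-engineers", "10.10.4.12", "10.20.1.5", 443),  # needed for the job
    ("finance", "10.10.7.30", "10.20.1.5", 443),       # wrong group for OT
    ("guests", "10.30.0.44", "10.10.2.9", 445),        # guest into enterprise
    ("finance", "10.10.7.30", "10.10.2.9", 445),       # stays in enterprise
    ("guests", "10.30.0.44", "203.0.113.10", 443),     # guest to internet
]

if __name__ == "__main__":
    for flow, reason in violations(FLOWS):
        print("VIOLATION", flow, "-", reason)
```

Run against real flow exports, the denied list shows where traffic crosses a segment boundary without a documented business need.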
In conclusion, while we may never be able to eradicate cyberattacks and the bad actors who perpetrate them, there are core things we as security professionals can do to shore up our protections and mitigate risk. Segmenting networks and having a strong, well-practiced IR plan in place are two cornerstones of a strong security posture. Perhaps most importantly, we need to embrace finding a like-minded, well-respected security partner that will be our “ride or die” when the attacks do occur, and who understands the business objectives and our evolving needs.
About Ray Texter:
With over 25 years of professional experience, Ray has had the opportunity to touch on various aspects of the technology industry. Within the last five years, his accomplishments include establishing a cybersecurity program for Texas United Management Corporation and a critical system that supports Operations Technology, fostering a proactive stance to risk management through effective strategic planning, policy design, and business transformation. He deployed a microwave network solution to wilderness locations, providing connectivity back to the corporate infrastructure. He was also responsible for successfully transitioning critical production systems, within a limited timeframe, from Apache Corp. to Chevron Canada. He was trusted to perform as a liaison between a central IT location and business units in the Asia Pacific Region (APAC). Further, he provided consulting services and developed blueprints and road maps to ensure alignment with IT transformation efforts. Ray is an adept team and project leader with a successful history of improving business efficiencies and acting as a catalyst for change.