Intelligent CISO Issue 53 - Page 74

The range of costs associated with a lack of attention to OT security in data centres could be devastating .

The range of costs associated with a lack of attention to OT security in data centres could be devastating .

to escalating costs in terms of hourly rates for response services .
In the worst-case scenario , a lack of availability of response services may even occur , as security teams contact security firm after security firm to find one with qualified resources on standby . For those who still think it is worth taking the risk , it is advisable to look at the headlines and see the possible downsides . It is also worth noting that some security partners will allow unused retainer hours to be diverted to other services , such as proactive threat hunting or penetration testing .
5 . Perform due diligence on incident response analysts
It should come as no surprise that not all security firms are created equal . The regional skills gap in cybersecurity means many newly qualified or underqualified people are serving in the field . Even IT security is underresourced , but industrial environments can differ so wildly from data-centric
IT that OT security specialists are even scarcer . And an ill-informed incident response team can often do more harm than good – inadvertently destroying evidence , scanning sensitive industrial devices without due care and failing to provide industry-standard reporting . The solution : vet every candidate thoroughly and establish that its employees have substantial familiarity with industrial safety measures and equipment .
Safety first
The range of costs associated with a lack of attention to OT security in data centres could be devastating . Fortunately , we now know how to protect ourselves . OT-focused threat actors think they are in for an easy ride . Let ’ s show them how wrong they are . u
74 www . intelligentciso . com