Minsait, one of the leading companies in digital transformation and information technologies belonging to Indra, has recently launched a comprehensive cybersecurity strategy focused on protecting critical infrastructures in the Industry 4.0. Presented during an event organized by the Spanish Chamber of Commerce North and the Chamber of Commerce of Canada, Monterrey chapter, this strategy is designed to address the increasing risks of cyberattacks in operational environments (OT).
Minsait’s strategy focuses on five key processes: visibility, identification, protection, attention to obsolete systems, and coordination. These elements are essential to ensure a strong defense against the cyber threats facing modern industrial organizations. With this approach, Minsait aims to provide solutions that not only meet current security needs but also prepare companies to face future challenges in a constantly evolving technological landscape.
Gabriel Mayagoitia, Vice President of CAMESCOM North Mexico, commented that “holding meetings and seminars on cybersecurity in Industry 4.0 is essential to increase awareness, promote continuous education, facilitate knowledge exchange, and encourage collaboration in the fight against growing cyber threats in the modern business environment.”
Erik Moreno, Director of Cybersecurity at Minsait, emphasized the importance of this initiative: “the convergence between information technology (IT) and operational technology (OT) is creating new vulnerabilities that require specialized solutions. The strategy recommended by Minsait is designed from a holistic perspective to address the specific risks of OT environments and ensure operational continuity”.
Mitigating vulnerabilities in an OT environment, according to the specialist, requires a different perspective than that applied in IT due to its criticality and importance, even though the goal is the same, to minimize the attack surface; thus, the strategy recommended by Minsait focuses on five key processes: visibility, identification, protection, attention to obsolete systems, and coordination.
Security OT five key processes
Visibility and Analysis: identify and understand all critical assets in industrial environments, as well as the vulnerabilities and associated risks.
Protection and Perimeter Security: Implement advanced protection measures to safeguard OT systems from external threats, including firewalls, intrusion detection systems, and data loss prevention systems.
Update and Maintenance of Systems: Ensure that systems and equipment in OT environments are up to date and compatible with the latest security standards, thus minimizing vulnerabilities associated with obsolete software
Interdepartmental Collaboration and Coordination: Foster collaboration between IT and OT teams to ensure effective implementation of security measures and a coordinated response to cybersecurity incidents.
Implementation of Zero Trust: Adopt the Zero Trust principle to control and monitor access to critical systems in OT environments, ensuring that only authorized users can access sensitive resources.
Teamwork: shield against cyberattacks
Erik Moreno emphasized the importance of addressing each crisis triggered by a cyberattack with precision and industry-specific adaptation, integrating key aspects for an effective response.
First, the organization must have threat detection and response capabilities. This involves a shift in the monitoring paradigm, moving from passive to proactive, facilitating the identification and response to anomalous behaviors and incidents, as well as identifying possible attack vectors.
A second recommendation is to establish appropriate procedures, defined and implemented to expedite the recovery of strategic technological systems and compromised information in the event of a cybersecurity incident.
It is also essential to form a multidisciplinary team that operates as a “war room,” integrating professionals from various areas such as legal, human resources, brand management, marketing, and communication, in addition to cybersecurity, risk management, and information technology responsibilities.
Furthermore, it is crucial to collect, analyze, and document the lessons learned on how the cybersecurity crisis was handled, thus initiating a cycle of continuous improvement in which all areas of the business actively participate.
Regardless of the nature of the organizations’ activities, all sectors are vulnerable to constant cyberattacks. Therefore, it is vital not to limit oneself to a cybersecurity strategy alone but to broaden the vision to integrate a coordinated and orchestrated crisis management plan at the organizational level.
Finally, Raúl López, director of Industry and Commerce at Minsait, emphasized that the company is committed to continuing to lead the development and implementation of innovative cybersecurity solutions to protect industrial environments against growing cyber threats. He highlighted: “The strategy recommended by Minsait reflects our commitment to offering comprehensive and tailored solutions to the specific needs of our clients in an ever-evolving business environment.”