News Highlights
- KPMG research says cybersecurity should be integral to IT/OT convergence strategy.
- Cybersecurity capabilities need to be implemented to evaluate existing systems for threats.
- KPMG has created OT/ICS cyber range labs and can be used to establish secure remote connections through KPMG’s infrastructure to perform training, cyberattack simulations.
- KPMG virtual labs can be built to replicate an organization’s IT and OT environments.
Dubai: KPMG latest cybersecurity publication on IT/OT convergence in the energy and natural resources sector highlights the need to bring people, processes and systems closer together to build a smarter, more secure network with high visibility to monitor and control both IT and OT environments.
Converging information technology (IT) and operational technology (OT) environments requires the right preconditions in an organization’s environment and culture to be successful and lasting.
“Preparing an organization’s people and culture for IT/OT convergence is critical for success, with process and workflow convergence being integral to a broader IT/OT convergence plan,” explains Ton Diemont, Head of Cybersecurity & Data Privacy at KPMG in Saudi Arabia.
While organizations often prioritize efficiency or productivity improvements, cybersecurity must not be overlooked and should be integral to an IT/OT convergence strategy.
IT/OT convergence is a double-edged sword from a cybersecurity lens. It can allow for more robust monitoring of systems, but it also might expose industrial control systems (ICS), process control systems and other operational technology to malware attacks, hacktivism, employee sabotage and other security risks that previously affected only corporate IT systems.
“Securing OT systems is a prerequisite to IT/OT convergence. Cybersecurity capabilities need to be implemented to evaluate existing systems for threats and to continually monitor them in the future,” adds Hossain Alshedoki, IT/OT Cybersecurity ENR Lead at KPMG in Saudi Arabia.
Though zero-day attacks are impossible to predict during and after IT/OT convergence, micro-segmentation helps organizations mitigate their risk. Implementing ‘resilient by design’ principles before IT/OT convergence also decreases the likelihood of successful zero-day attacks.
Training OT personnel requires not only a cybersecurity background, but also a strong understanding of the engineering process and physical systems is required unlike IT personnel in IT environment. To overcome this challenge, KPMG has created OT/ICS cyber range labs using production-grade equipment to simulate scale-model versions of industrial processes to bring OT simulation efforts up to par with IT.
The labs can be used to establish secure remote connections through KPMG’s infrastructure to perform hands-on training sessions, cyberattack simulations, proof-of-concepts and industrial cybersecurity-related research.
“Our virtual labs can be built to replicate an organization’s IT and OT environments by connecting proprietary devices and virtualizing OT components. This enables IT and OT professionals to cross-train their incident response strategies until mastery,” concludes Diemont.
© Press Release 2021
Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.
The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.
To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.
