IDEA

Risk on the premises

It's often overlooked, but your company's physical premises can expose it to cyber attack. During working hours (or after hours, for that matter), without proper security measures in place, a hacker could conceivably walk right into your building, office or cubicle and plug an infected thumb drive into the first computer he or she sees. Therefore, you need to make sure your properties, key partners and, ideally, your entire supply chain are physically secure.

Besides keycard building entry, improving physical security requires you to manage visitor, contractor and employee access throughout your facility and sensitive areas, and what they have access to. It may involve controlling physical access to network rooms and equipment, security tokens for computer access, and implementing both timed lockout and password protection of network devices. And it certainly entails employee security awareness training.

The bottom line is that it's easy, from a risk management perspective, to get distracted by the complexity of digital network security (firewalls and such) when some of the most gaping security holes can be in your physical premises. As a CFO, you need to make sure professionals are on the ground exploring the premises with those concerns in mind.

Industrial risks

In the past two years, cyber attacks have hit energy and utilities companies and defense and aerospace contractors. Two years ago, hackers reportedly were able to bring down a power grid in the Ukraine. In 2014, the German Federal Office for Information Security reported that a German steel mill suffered significant damage when hackers disrupted the control systems so that a blast furnace couldn't properly shut down. Also that year, a former Georgia-Pacific paper company employee accessed computers at the company's Port Hudson, Louisiana, mill from home, affecting the distributed control and quality control systems for machinery used to produce paper towels.

Industrial control system risks like these have become increasingly prominent on risk managers' radar screens. As we hear all the time from our clients: "I wasn't even thinking about this a year ago." The CFO needs to understand the emerging risk as well.

These connected plants and power grids are parts of the Internet of Things (IoT), commonly thought of as interconnected smartphones, cars, fitness trackers, thermostats and refrigerators. There are more than six billion "things" in the IoT, with more than five million things getting connected every day, according to Gartner. The IoT, however, also connects operators to industrial controls, sometimes enabling a plant manager to go online from home and tweak plant operations miles away. These systems were designed first to enable access, not to restrict it, and they contain some harrowing vulnerabilities. Imagine a man-in-the-middle attack that takes control of a plant's operating console to signal that operations are okay while sabotaging the production line.

This industrial control risk is compounded by businesses' well-intended efforts to run lean, automate and standardize processes, and to simplify complexity for operators.

So what can CFOs do? They can ensure the company is considering measures like vulnerability audits, backup power systems, overrides of electronic controls and even redundant IT systems that could take over in the event of a cyber attack.

This article originally appeared on cfo.com.

Tune in to FM Global's YouTube channel: youtube.com/FMGlobal

Preview: Reason Magazine, Issue 1 2017, page 18