Shorter Cybersecurity OT Sales Cycles are a Sign of Bigger Worries

Article by: Ilan Barda

There's a trend in the operational technology (OT) cybersecurity market today where sales cycles are dropping by 75%, from 18–24 months to only six months.

This trend is clearly derived from the growing risk that industrial enterprises face as part of the overall cybersecurity and economic uncertainty that many decision-makers are beginning to worry about. Let’s take a look at two recent headlines to understand where this feeling is coming from.

First, is Toyota being plagued by yet more setbacks following supply chain woes in 2021? In late February, one of the world’s largest automakers announced it would halt production throughout Japan due to a cybersecurity attack on one of its plastics suppliers. Coincidentally, this occurred almost immediately after the vehicle manufacturer announced it would pull its operations out of Russia in response to hostilities in Ukraine.

In March, an FBI bulletin indicated that “evolving intelligence” shows a heightened threat against the U.S. energy sector by what appeared to be Russian-based hackers. The bulletin went on to describe abnormally high scanning activity from over 100 suspicious IP addresses and urged companies to remain vigilant.

While the risk of these specific IP addresses remains to be seen, it is clear that U.S. businesses are a highly prized target, with an 82% boost in ransomware attacks between 2019 and 2021, according to the FBI. More specifically, 40,000 cybersecurity attacks have been reported to the agency since 2018, translating into hackers raking in $150 million in payouts.

So these shortened sales cycles are coming from companies understanding that it’s no longer enough to appease regulators. They must secure their facilities now, without impacting productivity.

It is up to CISOs to dive into the details and understand what the unique needs are for their OT facilities. This can only be achieved by cataloging each piece of equipment in the company’s OT network and its characteristics. Only then can key questions be answered:

  • Are they still supported with cybersecurity patches from the manufacturer?
  • What are their key vulnerabilities, and what steps can be taken to mitigate them?
  • How crucial is this piece of machinery? What will happen if it goes down?
  • Will hackers be able to gain access to other network capabilities if a device is penetrated?
  • Ultimately, what will be the financial impact on the company should a cyberattack occur?

Only by conducting this thorough risk assessment, using mapping tools combined with breach-attack simulation, can CISOs begin to speak the same language as the executives, whose buy-in is critical for implementation.

CISOs must further seize this opportunity to explain to their executive team that losing total or even partial operational capabilities to a cybersecurity attack is not an option. It is up to them to explain that hundreds of thousands of dollars in lost revenue, loss of operation, and tarnished reputation are completely avoidable.

To make things more complex, this growing need for OT cybersecurity is occurring at the same time that concerns for global economic slowdown are being raised.

The CISO needs to address these two conflicting trends by optimizing the budget while keeping assets secure. Only by developing a clear OT security plan to present to the board can a strategy be properly thought out and executed.

This means correlating the security gaps to the business impact and prioritizing accordingly. When presenting, cybersecurity leaders must show projected figures of the risk reduction once such projects are implemented and use tools that optimize the usage of expert manpower. Once this is achieved, only then can full buy-in and support be expected.

The shorter sales cycles are welcome, but proper implementation and buy-in are even more important.

This article was originally published on EE Times Europe.

Ilan Barda is the founder and CEO of Radiflow.

 
