Case Study

How a consumer giant bridged the gap between cyber and business operations

Following a full cybersecurity assessment, a consumer-packaged goods company and EY teams worked to build a sustainable OT cyber program.

The better the question

How can cybersecurity protect revenue?

A top beverage-maker’s cyber transformation enhanced its operational technology environment.


In an era of remote access, Internet of Things sensors and other advancements, many organizations are choosing to integrate their IT stacks with their operational technology (OT) — the software and hardware needed to manage, secure and control industrial systems, devices and processes. The benefits are clear: greater operational efficiency, deeper data and visibility across the value chain, and increased business continuity and collaboration. However, this integration also introduces new challenges, including cybersecurity and data management. In 2023, Forrester analysts predicted that 60% of all businesses would experience an OT security incident that same year,¹ and in 2021 the estimated damages across 64 reported OT cyberattacks were $140 million per OT incident.²

This is the duality facing one leading food and beverage giant, operating dozens of manufacturing facilities and tens of thousands of factory assets throughout North America and Europe. The company needed a rethink of its security after a cyberattack disrupted its manufacturing lines.

In response, executives turned to Ernst & Young LLP (EY) to help develop and maintain a proactive OT cyber risk strategy. Their goal was to evaluate the company’s current OT cybersecurity posture, identify the most significant risks, optimize investments to reduce those risks and enhance overall manufacturing resilience. The EY Cyber transformation team worked with the client to develop a holistic strategy and to build a sustainable OT cybersecurity program.

“When supporting our clients, we don’t just discuss cyber vulnerabilities. We first focus on understanding how their business operates and on assessing how various cybersecurity risks could impact their business,” said Doug Clifton. “We worked closely with the company’s CISO and his team to conduct a detailed data-driven risk analysis to determine their current risk landscape, understand what was critical to them, and then developed a prioritized plan to help protect those areas of the business first and foremost.”


The better the answer

A strong cyber program keeps business and beverages flowing

Protecting manufacturing sites helped the company meet demand while mitigating OT transformation risk.


The EY team started by conducting an in-depth cybersecurity analysis across a subset of the client’s manufacturing environments to identify the top threats and risks with the potential to impact the business. The analysis also helped EY to define the OT cyber program’s future state and strategy, as well as develop a prioritized roadmap for mitigating vulnerabilities in alignment with the company’s enterprise risk appetite.

To build and mobilize the program, the EY and client teams worked together to define mitigation workstreams and applied the following integrated set of solutions.

1. Increased visibility with OT passive monitoring

The factory floors of modern manufacturers are constantly evolving. Managing the security and operational risks created by this changing landscape requires understanding the assets installed in the environment and their criticality. To improve asset visibility across the client’s manufacturing environments, the EY team deployed passive monitoring sensors.

After the initial install, the EY team collaborated with site managers, engineers and operators to tune and enrich the data being captured by the sensors — including building out a comprehensive inventory list of OT assets categorized by sites, physical location, line, function and supporting processes to ease future tuning requirements. EY categorized and triaged 1.5 million alerts and identified 30,000 assets. When the solution was transitioned to the client’s security team, alert noise was reduced to a handful of alerts a day and each facility had a solid asset baseline.

2. Enhanced threat detection and response with endpoint protection

One key insight from the initial risk analysis was that endpoints, such as workstations and servers, posed a critical risk to the client’s manufacturing operations. These endpoints are the primary targets of threats like ransomware. Endpoint protection is software that enables security teams to prevent, detect and respond to malicious activity. The implementation of an Endpoint Protection Platform in OT environments requires a careful balancing act between security and practicality. To avoid accidentally blocking legitimate manufacturing processes, the EY team established a solid baseline of endpoint activity and implemented procedures to safely respond to incidents on the factory floor.

The EY team also worked with EY alliance partners to protect the client’s critical industrial control equipment using cloud-based endpoint protection and threat intelligence solutions designed to detect and prevent malware, ransomware and other cyber threats.

3. Reduced attack surface with upgraded firewall protection

Firewalls are designed to secure networks and prevent unauthorized access by monitoring and controlling incoming and outgoing network traffic based on a set of predetermined rulesets. However, firewalls are only as effective as their rulesets, which can become outdated or misconfigured over time. To align with the client’s security standards and industry leading practices, the EY team established an automated assessment tool and utilized the outcomes to harden configurations and remediate the top 20 highest-risk rulesets per firewall. This helped decrease the company’s attack surface area by reducing unintended points of entry.

4. Increased control of critical OT systems with a secure remote access (SRA) solution

Today’s manufacturing environments are a collection of new and innovative solutions that drive speed, efficiency and revenue. To realize its goals, the beverage industry leader uses cutting-edge vendors from around the world. SRA in OT allows authorized vendors to remotely access the industrial systems they support in the OT environment with as little friction as possible. The improved SRA tool grants the client increased control and visibility by recording user sessions, showing the actions performed by third-party vendors within its OT environment.

Additionally, the EY team worked to implement a cloud-based moving-target defense network to increase security and validate third-party vendors accessing the OT environment. Remote access sessions are also protected via endpoint protection and security monitoring.

5. Improved resilience with a unified backup and recovery strategy

Since inception, the beverage giant has been growing rapidly through successful product launches and large mergers and acquisitions. But this growth raises challenges in building a resilient infrastructure across manufacturing facilities designed and operated by different organizations. Recognizing this challenge, the client sought to understand the current state and develop a roadmap to a more efficient, robust and unified process.

The EY team worked onsite with each facility to assess the effectiveness of backup and recovery processes, which are critical to a company’s OT security strategy. Data loss can result from cyberattacks like ransomware, accidental deletion, natural disasters and equipment failures. If the digital systems and data in a manufacturing facility become unavailable, the manufacturing process halts, resulting in lost revenue and costly recovery services.

Leveraging the assessment insights, EY collaborated with client leadership to create a roadmap toward a unified backup and recovery process across new and legacy manufacturing facilities. These processes will enable rapid restoration in the event of an incident, minimizing costly downtime and supporting operational continuity.


The better the world works

A stronger OT cyber posture drives visibility and control

For this beverage powerhouse, increased security protects customers, employees and the bottom line.


The new OT security tools and capabilities position the client with secure and resilient digital manufacturing operations, resulting in:

  • 1.5 million+ critical alerts tuned and closed
  • $42.3 million of revenue protected by remediating compromised assets
  • 600+ OT assets equipped with endpoint protection
  • 30+ OT ransomware infections discovered and triaged
  • 200+ firewall policies hardened at dozens of plants
  • 50+ remote vendors and dozens of manufacturing sites onboarded to a new SRA solution

Today, EY is operating a managed threat detection and response program to monitor more than 30,000 OT systems in real time for suspicious activity, resulting in over $1 billion in manufacturing revenue being actively observed and protected. The security operations center (SOC) is a 24/7 operation where the client’s information security team monitors, detects, analyzes and responds to cybersecurity incidents.

Together with EY alliance partners, the teams worked to implement solutions that empower the SOC to work smarter and respond faster by automating repeatable security tasks and workflows. Using these tech platforms, EY was able to develop tools to quantify the effect of a security incident on business objectives, enabling client security teams to rapidly prioritize security initiatives. This key capability transforms the SOC from reactively responding to threats to proactively managing business risk in real time.

Cyber incidents often tie directly to revenue, and with its new OT SOC function, this beverage giant gains much-needed visibility and measurements to continue improving over time. And that keeps business humming and customers happy.

Special thanks and recognition to EY Tech Consultants Roy Solis and Saniya Sachdeva for their contributions to this case study.

