Targeted ransomware is the new normal - high-stakes extortion using sophisticated, nation-state attack techniques. Secure sites deal with this threat - not by reducing the likelihood of OT shutdowns due to ransomware, but by eliminating that risk entirely. After all, there are less than a dozen ways that ransomware can enter an OT network. In this presentation we explore a different way of looking at the problem - how to block all of those dozen ways, how to configure our OT networks to survive IT network failures, how to deploy secondary defences much stronger than the usual "defence in depth" advice and how to do all this while still enjoying the benefits and the efficiencies of modern IT/OT integration.
Industrial control systems and critical infrastructure continue to become increasingly automated and digitised, yet it is an inescapable fact that we are still dependent on humans for the end-to-end security of these systems and services. This presentation, rich with examples and takeaways, will focus on how organisations relying on ICS can strengthen their cyber resilience through a human-centric approach, and build a sustainable cyber-aware culture across organisational boundaries.