Schneider Electric has launched its Cybersecurity Risk Assessment (CRA) service in the UK and Ireland. The service allows Schneider Electric to remotely assess customers and provide them with an understanding of their cybersecurity risk posture by identifying gaps and key risk areas that need to be remediated.
Additionally, the new service provides recommendations and a roadmap to achieving cybersecurity objectives. Schneider Electric has already applied this process to its own Flint smart factory during the digital transformation of the facility, which is over 30 years old.
With damages from cybercrime expected to reach $6 trillion in 2021, a small chink in a company’s armour can result in substantial financial and reputational losses in today's business landscape.
“Assessing all the cyber threats a company faces can be a daunting task, but as attacks become increasingly common, firms cannot bury their heads in the sand,” says David Pownall, vice president of services UK & Ireland. “Schneider has created the CRA to be the first step in building a reliable and robust cybersecurity programme. This assessment should be the starting point when applying cybersecurity requirements in an operational technology (OT) environment.”
The CRA is a non-invasive high-level assessment performed by Schneider Electric’s OT cybersecurity experts. The service aligns to control categories found within industry best practices and standards.
To ensure a complete and actionable summary report, Schneider collects information about businesses’ OT systems before conducting interviews. This includes current cybersecurity policies, cyber program objectives, applicable standards, existing cybersecurity tools and technologies. This is all in addition to an OT network diagram, which displays the location of critical assets on the network.
Personnel data is also utilised, including identifying personnel most familiar with the OT network layout (OT / cyber knowledge) and stakeholders who can answer detailed technical questions regarding the OT equipment and assets used within the customer’s network.