What We Do
How We Do
Get Started

Building Resiliency: Three Core Actions To Create Stronger Cybersecurity

BY Ray Texter

April 12, 2023 | 6 MINS READ

Cyber Risk

Cybersecurity Strategy

Want to learn more on how to achieve Cyber Resilience?


This article is contributed by Ray Texter, Chief of Information Security at Texas United Management, and a customer of eSentire MDR.

The threats of cybersecurity are front and center in mining as operations become increasingly dependent on technology and digitization. How can the industry fight off what it can’t see?

Security leaders in the manufacturing sector are tasked with being proactive and maintaining the highest level of visibility and control to balance security and functionality

and align with business objectives. Yet partnerships with third parties (contractors) are the backbone of the entire industry – we all work together to deliver “the goods” to the end customer.

When a third party is introduced, organizations are placed in more of a reactive position, relying on the supplier regarding security posture, policies, etc., we start to lose control of

our systems. Additionally, manufacturers often operate as a distributed workforce spread across various projects, work sites and often countries, increasing the odds of a security breach.

In particular, the industry is increasingly the target of ransomware cyberattacks that lead to costly project delays exposing proprietary information shared across joint venture partnerships, consortiums and sub-contractors. Successful attacks unfold in mere hours from initial access to data exfiltration and ransomware deployment, making the time to detect and time to contain critical factors in building an effective cybersecurity program.

Unless you’re prepared to defend against ransomware, these attacks result in your organization being locked out of critical systems and applications for days and weeks. In many cases, the resulting downtime can cost organizations hundreds of thousands and even millions of dollars daily.

These attacks are, unfortunately, not uncommon. Using just one well-known cybercriminal group as an example, two affiliates of the Conti Ransomware Group – one of the longest-running and most lethal ransomware groups today – claimed that they had compromised 81 victim organizations between the end of February and mid-July 2022. Victims included a parts manufacturer and a supplier of components to military organizations, aerospace companies, and auto manufacturers.

As cyber criminals evolve, these attacks offer threat actors increasingly stealthy, scalable and privileged access to any organization’s on-premises, cloud or hybrid environment. These groups use clever techniques to dupe victims with clever phishing emails and drive-by downloads from infected websites. They combine a recipe of malware, including credential harvesting, backdoor and remote access tools, data collection, ransomware and even data wipers to cripple businesses.

But while we may never be able to eradicate cybercriminals’ actions, we can become more resilient. Companies like Texas United Management (TUM) are 24 hours a day, seven days a week, three full rotating shifts and are in constant M&A mode. With multiple locations, lateral movement of a cyberattack can happen swiftly, making it more difficult to mitigate the risk.

Throughout my career and at TUM, we’ve identified three core areas critical to our protection and resiliency.

1. Find the right cybersecurity partner

Even with years of cybersecurity planning experience, I knew there was no way I could keep our company’s operations and information safe on my own. Outsourcing security operations to a partner who can manage, detect and respond to threats and anomalies can drastically improve an organization’s security posture and cyber resiliency. Especially when considering challenges such as the cybersecurity skills gap and growing data problems (remote users, cloud, etc.), all compounded by the rapidly evolving threat landscape.

But finding a long-term partner that is a good fit for your business takes some deep level shopping techniques. We have been working with eSentire for a few years now and enjoy a powerful relationship. My tips on what to look for in a partner:

2. Have a strong incident response plan

To survive any “disaster,” a team must be prepared, practiced and poised. This can only happen if your Incident Response (IR) plan is written in precise, clear language detailing step-by-step actions and assignments. Having a ‘ready for anything’ mentality, accounting for the unknown, minimizes the impact on the business. Secondly, drill your team. Hold mock situations to physically practice a cyberattack. Muscle memory could mean the difference between quick, decisive action during a crisis versus a “deer in the headlights” response. And even if your IR plan is 80% ready for most situations, you should lean on your cybersecurity partner to pick up the slack.

Resilience is defined as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks or compromises on systems that use or are enabled by cyber resources.” While a good IR plan anticipates issues, adaptation (conducting post-mortem analyses to identify lessons learned and make appropriate people, process and technology changes) and evolution (today’s solutions may not solve tomorrow’s problems, so constantly challenging our way of thinking and evaluating whether we’re solving or prioritizing the right problems the right way) are particularly critical parts of the package.

3. Segmentation of networks

Segmentation of networks – putting barriers between an organization’s operational and enterprise networks – has become a fundamental industry best practice, especially

in today’s distributed workforce. Network segmentation allows network administrators to control the flow of traffic between subnets improving monitoring, boosting performance, localizing technical issues, and – most importantly – enhancing security. The use of network segmentation strategies such as guest-only networks and user group strict access rules helps to manage the specific user permissions for data access. For example, you can allow users to access some network resources that allow them to carry out their duties but restrict access to mission-critical systems or sensitive data.

In conclusion, while we may never be able to eradicate cyberattacks and the bad actors who perpetrate them, there are core things we as security professionals can do to shore up our protections and mitigate risk. Segmenting networks and having a strong, well-practiced IR plan in place are two cornerstones of a strong security posture. Perhaps most importantly, we need to embrace finding a like-minded, well-respected security partner that will be our “ride or die” when the attacks do occur, and who understands the business objectives and growth projections.

Originally posted on northamericanmining.com

Ray Texter
Ray Texter Chief of Information Security | Texas United Management

Ray Texter is the Chief of Information Security at Texas United Management, a mining & metals company that offers brine commercial production services. In the past five years, his accomplishments include establishing a cybersecurity program for Texas United Management Corporation in addition to a critical system that supports Operations Technology. Ray has provided consulting services and developed blueprints and roadmaps to ensure alignment with IT transformation efforts. He is an adept leader with 25+ years of professional experience in improving business efficiencies and acting as a catalyst for change.

Read the Latest from eSentire