The OT Security Academy

Introducing Omny Risk, a software solution to reveal industrial security risks

Written by Haakon Mørk | June 21, 2024

CTO Haakon Mørk takes us behind the Omny curtain to understand the starting point for Omny Risk, the company’s newly launched product enabling heavy asset owners to efficiently assess and communicate security risk.

Industrial companies have continued to show significant investment in the mitigation and  prevention of accidents and failures, putting the safety of people first. But how protected are these organizations when the incident arrives outside of known risk avenues whether intentional, digital or even undetectable?

Today’s threat landscape has ushered the industrial world into a new era of risk, a risk type that requires a new kind of toolbox to manage. Industry faces unprecedented levels of security threats, physical and cyber,  that target the very real assets and operations on which so much of society relies, like water and power. These threats are intentional and covert, often accompanied by a nefarious intent to reap harm or disrupt society. This is why Omny Risk was born to address and reveal security risks to help industrial organizations aware of what they are facing to aid in strategic decisions and manage risk now and in the future.


A strategic approach to managing industrial security risk

For industry, it’s not a matter of ticking off the boxes and saying “we are compliant” anymore. Security threats are evolving, meaning risk is evolving, and so too should industry’s strategy to manage it. To understand what type of risk a company can face requires insight into existing potential risks and paired consequences while taking industry and infrastructure into account. A traditional approach to risk requires an audit of a company’s assets paired against the current threat picture. This process can take months resulting in a finalized risk assessment that is valuable for that day, time, and current risk picture. What then when a new risk is presented?

By proactively managing the cybersecurity risks posed to connected physical assets requires insight – insight into both risks and potential consequences so that one can make better and more informed decisions on how to protect their operation.

Communicating consequences and risks in the business

Conducting a security risk assessment means evaluating your company situation, identifying the assets involved, and assessing the consequences of a successful security threat. Then you can understand what you have and what you don’t have in terms of mitigating the risk. These reports are mostly static documents, like PDFs, living and dying on hard drives across the organization.

The problem with this approach is that risks are changing so quickly. A risk report valid one day may be outdated the next. It’s a dynamic risk picture that requires an equally dynamic risk tool, one that enables industrial organizations to regularly adjust and adapt the underlying analysis of the threat picture.

This was our starting point for Omny Risk.

Omny Risk isn’t a prediction engine or magic box of tricks. Rather it’s a digital tool that contains real-time insights to give organizations that much-needed dynamic risk picture, helping them stay one step ahead of cyber and physical security risks, no matter how they develop.

A tool to make data-driven decisions for managing security risks

In many organizations there are risk owners who are responsible for risk, but they may not have the budget responsibility. Therefore,  their job is to convince the decision-makers where to focus the spending. Omny Risk is a tool that can provide consistent information to decision-makers, to make good, data-driven decisions based on new data and not old reports.

With a tool like Omny Risk, more people across the organization can be invited into the world of potential security risk. Data is presented in a structured way that allows for more proactive use of it, such as scenario planning. By simply plugging a future scenario into Omny Risk, a user could evaluate the risks and understand potential consequences – as a part of training exercises, for example. 

The industrial world has made significant progress in terms of managing accidents and ensuring the safety of their operations. Where we need to advance now is in managing new and constantly emerging cyber threats that target physical assets. Having Omny Risk as a single source of truth can be a game changer when it comes to budgeting for and building strong security defenses across cyber and physical domain, securing your business continuity.

Learn more about Omny Risk by reading our Solution Brief.