Not all publicity is good publicity!
Avoid the headlines
The attention that cybersecurity attacks are getting is undesirable. Aside from shining a bad light on the victim company at the wrong time, the round-the-clock coverage is devastating. The last thing any CEO wants is to get on TV and rationalize paying a multimillion-dollar ransom.
It’s not an accident that the most publicized ransomware attacks involved Operational Technology (OT) infrastructure. Unfortunately, the wave of ransomware attacks isn’t about to end. It will take years to put in place adequate protection measures for vulnerable industries.
When evaluating security postures, IT and OT teams need to think about keeping their CEO out of the headlines.
Why is everyone talking about OT?
While OT has been with us for a long time, it recently made headlines. OT is a category for computing and communications systems that monitor, manage and control industrial operations. Such environments are usually always on and are present in utilities, oil and gas, and other industries. In short, OT software and hardware keep most things that we depend on, such as power plants and factories, running.
OT has surfaced in the news due to a cybersecurity attack against OT infrastructure. 90% of organizations experienced at least one OT system intrusion last year.1 That visibility comes as the lines between IT and OT disappear, placing OT in the crosshairs of cybercriminals.
IT and OT security operations are different. IT security focuses on protecting data throughout its lifecycle: at rest, in-flight and processed, and in use by business apps. On the other hand, OT focuses on protecting physical processes, safety, uptime, production, efficiency and protection of operators. In short, OT includes systems that monitor and control industrial processes where availability and uptime are critical.
Things are changing for OT and IT, which are gradually converging as industries are increasingly digitized. So naturally, that calls for more attention to establishing robust OT cybersecurity. But the OT/IT convergence has attracted cybercriminals who are wasting no time taking advantage of the situation.
Could it get worse?
- The trends of cyberattacks are all pointing to an increase in the volume and ferocity of the attacks.2
- Cybercriminals are growing more sophisticated and are running a profitable franchise business model.
- OT faces challenges in several areas, including a lack of cybersecurity talent, aging equipment and servers that are harder to upgrade, and outdated tools, to name a few.
- Transforming OT will take a longer time due to the nature of devices used in industrial processes.
- The high rate of adding new devices to IoT and industrial environments expands the attack surface. IDC predicts that 75% of 55.7 billion devices will be connected to IoT platforms by 2025.3
Protecting converged OT/IT
As OT/IT convergence seems inevitable, it makes sense to focus on protecting OT/IT environments.
- One cybersecurity team for OT/IT. We are not necessarily advocating merging the two teams but instead having them work as one group with the same level of visibility to threats and response plans.
- Adopt robust access management procedures and practices that include multi-factor authentication, strong passwords, a zero-trust approach and other security hygiene practices, including frequently changing passwords.
- Protect against internal threats. Regularly train employees on cybersecurity and conduct internal tests to verify readiness. 85% of IT professionals are concerned that employees let others use their work devices. Furthermore, 88% of IT staff are worried that employees download unauthorized software, use personal devices for work, and 43% download operational and customer data.4
- Replace aging servers. It is no longer acceptable to operate with aging control servers that are not upgradable and lack modern cybersecurity defenses. About 51% of breaches in the past year exploited unpatched machines.5
- Build an air-gapped backup that is not connected to your network and is not accessible to cybercriminals through your infrastructure.
- Don’t do it alone. Instead, work with an experienced partner that can guide your plans to success quickly and with lower costs.
- Investing in security is the lower-cost option. Malicious cyberattacks have a long tail, and their financial impact is felt for years. Therefore, it is prudent to invest in prevention instead of fighting fires after the fact.
Next Steps
Build a cybersecurity-conscious culture where security is everyone’s responsibility. Establish a zero-trust end-to-end security posture with a focus on minimizing internal threats. Work with a business partner with solid security expertise, for you will need one in the event of a successful cyberattack.
- 1. Fortinet 2021. “2020 State of Operational Technology and Cybersecurity report.”
- 2. FBI IC3. “Internet.”
- 3. IDC July 2020. “IoT Growth Demands Rethink of Long-Term Storage Strategies.”
- 4,5. HP 2021. “HP Wolf Security Blurred Lines and Blind spots.”