Ransomware attacks against Operational Technology (OT) networks have increased dramatically over the past year and a half. While this rise has received a lot of public attention, it is something that industry experts have been anticipating for some time.
When OT networks are up and running, consumers’ lives are improved and revenue is generated. If ransomware specifically targets industrial environments, the result could be a loss of availability of those systems, affecting the company’s core business. Even a partial loss of visibility into network activity might force a shutdown of the physical process because of safety and product-quality concerns. Any disruption to physical processes can result in a loss of productivity and money, as well as, in certain situations, a loss of life.
As per government alerts, some of the common techniques used by threat actors to infiltrate organizations are spearphishing to gain access to the IT network and then moving to the OT network, or connecting directly to internet-accessible controllers that do not require user or device authentication. The door is then open for deploying ransomware to encrypt data. Because of the limited number of security controls on those networks, the threat actor can often traverse the OT network without being detected for months or even years.
Enterprise infrastructure has been under pressure like never before as a result of the rapid adoption of digital transformation and remote work. Attacks on that infrastructure were once a possibility, but they are now a reality. As OT networks become more integrated with IT infrastructure, this trend will continue. Companies have embraced hyper-connectivity as a means of increasing efficiency and profitability, which is a positive thing. But now the urgency is to make that connectivity more secure.
What can defenders do to improve the security posture of their OT environments in this new reality? Here are five suggestions that every CISO should think about:
Extend the scope of their risk governance
CISOs should broaden the scope of their risk governance to include all cyber-physical assets. This comprises all components of the Industrial Internet of Things (IIoT), Enterprise IoT components and the Industrial Control System (ICS). Of course, for many companies, this is a challenging step because identifying such assets is difficult. It’s a process that may require several iterations. Thankfully, the industry has made significant progress in recent years in terms of technology that allows security teams to quickly find such assets and assess their risk, exposure, and vulnerabilities.
Segmentation between IT and OT networks
Security leaders should ensure that there is proper segmentation between their IT and OT networks. There are several business applications and processes that must communicate across the IT/OT divide, and they must do so in a secure manner. This simple step is frequently overlooked, but it should not be. In addition to IT/OT segmentation, virtual segmentation should be deployed between zones within the OT environment to help detect lateral movement inside OT networks. If remote operations require direct access to OT networks, this should be accomplished via a secure remote access connection with strict controls over devices, users, and sessions.
Good cyber hygiene is crucial
Security leaders should ensure that their cyber hygiene practices apply to OT and IoT devices as well. This includes strong passwords, multi-factor authentication and a password vault. Some processes, such as patching outdated systems, may be difficult or impossible to carry out. Where that is the case, security teams should identify and deploy compensating controls such as access control lists and firewall rules. To help limit threat exposure, the Cybersecurity and Infrastructure Security Agency (CISA) offers a range of free hygiene tools, such as scanning and testing.
Effective system monitoring program
CISOs need to implement a strong system monitoring program. This entails keeping an eye on risks in both IT and OT networks, as well as anything that crosses the line between them. Agentless solutions for continuous threat monitoring throughout the OT network can be deployed quickly, connect seamlessly with OT and IT systems and workflows, and enable IT and OT teams to collaborate on OT environments. Working from the same data, these teams can take specific steps to manage and mitigate both known risks and newly emerging ones.
Incident response plan
Tabletop exercises that simulate ransomware attacks can help organizations better understand their technical and organizational preparedness. They give security leaders the chance to strengthen their incident response plan and boost their confidence in their resilience and preparedness in the face of such attacks.