The recent Colonial Pipeline incident served as a reminder to global manufacturers on the need to improve their cybersecurity measures in line with the growing sophistication of threat actors who are targeting businesses with impunity. In this instance, the threat actor DarkSide used VPN access to install ransomware. In response, Colonial Pipeline shut down operations to contain the fallout as it was unable to identify which parts of its infrastructure were affected.
According to Sectrio's latest threat landscape intelligence report (to be published soon), OT threats grew by a whopping 71 percent in 2021. Actors targeting OT, which is a significant component of critical infrastructure, are exploiting traditional, long-known vulnerabilities that have not been fixed. The implications of such a trend at a global level cannot be emphasized enough: critical infrastructure everywhere is at risk. A distributed attack coordinated by global threat actors can shut down important facilities, causing loss of production and revenue, as well as panic buying of commodities and produce that leads to a spike in inflation.
New environments, old challenges
While investments in IT security have grown, OT cybersecurity investments and attention are still lagging. Businesses hosting complex hybrid environments with IT, OT, and the IoT are now understanding the importance of ramping up their cybersecurity measures to align them with the complexity involved in securing such environments. Such businesses are closer to a massive cyber disruption than they can imagine.
- Some businesses have upgraded their OT environments by adding new devices. Such devices are, however, invisible to standard off-the-shelf vulnerability scanners.
- OT vulnerability scans are not done frequently, and many businesses fail to adopt a more disciplined approach that requires regular scans and remediation.
- The ever-evolving threat landscape throws up new threats, including malware that evades detection.
- Visibility into threat surfaces is not adequate. Some of the solutions used by businesses are prone to misconfiguration and new vulnerabilities.
- OT security teams are often less empowered than their IT counterparts, and if the same security team is handling both IT and OT cybersecurity, OT doesn't get as much attention as it should.
Such gaps in addressing OT cybersecurity leave the room wide open for hackers or other adversarial entities to exploit.
What can be done?
An ideal approach should begin with gaining adequate visibility into all environments. Cybersecurity teams also need to proactively swoop down and fix vulnerabilities before threat actors can exploit them. A comprehensive risk management effort can be undertaken with the following steps:
- Prioritize OT security and align it to your threat and risk exposure levels through threat modeling.
- Identify all connected assets and their digital footprint.
- Establish access control through authentication.
- Enforce micro-segmentation.
- Collect passive data from the OT environment across devices and networks.
- Use rich threat intelligence to detect threats.
- Work to understand how IT and IoT risks can impact OT and vice versa.
- Deploy policy management measures through a comprehensive program across environments.
- Streamline audits and compliance measures to ensure that vulnerability assessment and remediation are conducted frequently across all environments.
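The steps above on identifying connected assets, collecting passive data and enforcing micro-segmentation can be tied together in a small script. The following is an added example and is not Sectrio's code or product logic: it assumes flow records (client, server, server port, protocol) captured passively from a mirror port, a hand-maintained asset inventory with zone assignments, and a zone-to-zone allow policy. The flow records, addresses and zone names are constructed for illustration. It builds an inventory from what is actually seen on the wire, flags devices that are missing from the inventory, and reports flows that cross zones the policy does not permit.

```python
"""Passive OT asset discovery and micro-segmentation check (added example).

Assumptions (constructed, not from any real environment):
  - SAMPLE_FLOWS are client->server flow records from a passive tap.
  - ASSET_ZONES is the maintained inventory with zone assignments.
  - ZONE_POLICY lists which (source zone, destination zone) pairs may
    talk, and on which server ports.
"""
from collections import defaultdict

# Constructed flow records: (client_ip, server_ip, server_port, proto)
SAMPLE_FLOWS = [
    ("10.10.1.20", "10.20.5.11", 502, "tcp"),       # HMI -> PLC, Modbus/TCP
    ("10.10.1.20", "10.20.5.12", 502, "tcp"),       # HMI -> second PLC
    ("192.168.50.33", "10.20.5.11", 502, "tcp"),    # IT workstation -> PLC directly
    ("10.10.1.20", "10.20.5.13", 44818, "tcp"),     # HMI -> device not in inventory
    ("10.10.1.20", "10.10.1.30", 443, "tcp"),       # HMI -> historian, allowed
]

# Constructed inventory: known assets and the zone each belongs to.
ASSET_ZONES = {
    "10.10.1.20": "ot-supervisory",
    "10.10.1.30": "ot-supervisory",
    "10.20.5.11": "ot-control",
    "10.20.5.12": "ot-control",
    "192.168.50.33": "it-corporate",
}

# Constructed micro-segmentation policy: allowed server ports per zone pair.
# Any pair not listed (including anything involving "unknown") is denied.
ZONE_POLICY = {
    ("ot-supervisory", "ot-control"): {502, 44818},
    ("ot-supervisory", "ot-supervisory"): {443},
}

# Well-known industrial protocol ports used to label what a device speaks.
OT_PROTOCOL_PORTS = {502: "modbus-tcp", 44818: "enip", 20000: "dnp3", 102: "s7comm"}


def discover_assets(flows):
    """Build {ip: set(protocol labels)} from passively observed flows."""
    seen = defaultdict(set)
    for client, server, port, proto in flows:
        label = OT_PROTOCOL_PORTS.get(port, f"{proto}/{port}")
        seen[client].add(label)
        seen[server].add(label)
    return dict(seen)


def unknown_assets(flows, inventory=ASSET_ZONES):
    """Addresses seen on the wire that the inventory does not know about."""
    return sorted(ip for ip in discover_assets(flows) if ip not in inventory)


def segmentation_violations(flows, asset_zones=ASSET_ZONES, policy=ZONE_POLICY):
    """Return flows that cross zones (or touch unknown devices) not allowed by policy."""
    violations = []
    for client, server, port, proto in flows:
        src_zone = asset_zones.get(client, "unknown")
        dst_zone = asset_zones.get(server, "unknown")
        allowed_ports = policy.get((src_zone, dst_zone), set())
        if port in allowed_ports:
            continue
        reason = "unknown_asset" if "unknown" in (src_zone, dst_zone) else "zone_policy"
        violations.append({
            "src": client, "src_zone": src_zone,
            "dst": server, "dst_zone": dst_zone,
            "port": port, "proto": proto, "reason": reason,
        })
    return violations


if __name__ == "__main__":
    for ip, protos in sorted(discover_assets(SAMPLE_FLOWS).items()):
        print(f"{ip:15} zone={ASSET_ZONES.get(ip, 'unknown'):15} speaks={sorted(protos)}")
    print("not in inventory:", unknown_assets(SAMPLE_FLOWS))
    for v in segmentation_violations(SAMPLE_FLOWS):
        print(f"VIOLATION [{v['reason']}] {v['src']} ({v['src_zone']}) -> "
              f"{v['dst']} ({v['dst_zone']}) port {v['port']}")
```

With the constructed data, the script reports two violations: the corporate workstation reaching a PLC over Modbus/TCP, which the zone policy never permits, and the HMI talking EtherNet/IP to a device that the inventory has never recorded. The second case is the one off-the-shelf scanners tend to miss, since the device is only visible because its traffic was observed passively; feeding such findings back into the inventory and the policy is what makes the regular-scan-and-remediate discipline above work.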
Wish to learn more about securing your hybrid environments? Want to learn more about some of the solutions available?
Get access to our free threat intelligence feeds for 15 days to see what is lurking in your IT-OT environment.