Sectrio

Author name: vikas.karunakaran


Increasingly visible nation-state actor footprint forces APT groups to increase stealth

2022 is turning out to be the year of nation-state actors. With attacks on wind turbine operations and public transit services in the Netherlands, utility firms in India, retail businesses in Taiwan, and stock markets in the US being traced to APT groups, this year has logged more APT activity than ever before. As nations increasingly recognise these groups as a source of rich data and disruption, they are growing more comfortable using them to settle scores. This trend has had a complex impact on the security of cyberspace, and the ramifications will play out more visibly in the days to come.

2022 – a year of brazen APT attacks

The attacks on many retail businesses, websites of government departments, the presidential office, and tram stations in Taiwan in August, following the visit of US House Speaker Nancy Pelosi to the island, were clearly linked to Chinese and Russian IP addresses. The hackers involved didn’t even try to hide their origins, in what was seen as an attempt to convey a geopolitical message to Taiwan. Russian APT groups were also found meddling with critical infrastructure in Germany, the Netherlands, Ukraine, Norway, and the US.

Transparent Tribe, AKA APT36, went as far as to develop and deploy a fake version of an Indian government-mandated two-factor authentication solution required for accessing email services, in order to target Indian government and defense personnel. Transparent Tribe also used fake domains and traffic-redirecting mechanisms to divert traffic to spurious sites hosting malware. Even here, the hackers made no serious attempt to hide their trail.

Such levels of visible aggression are not frequent in cyberspace. APT groups normally leave room for plausible deniability so that the nation-state backing them can deny all allegations of support or sponsorship.

While acting quietly inside the networks they target, APT groups are becoming noisier when it comes to claiming credit. The reasons for such brazen and aggressive attacks could be:

Whatever the motivation for such transparency, it is clear that APT playbooks have changed this year. Even among the industrial cyberattacks on OT and IoT-based infrastructure and systems perpetrated by APT groups, the attacks were carried out in a more systematic and transparent manner. The attacks, including scans, are becoming more sophisticated, while the APT groups involved are leaving digital tracks behind, making attribution easier.

Impact on IoT and OT security in 2023

Overall, this trend clearly indicates a period of increasing APT activity that could spill over into segments not directly connected with government, including manufacturing, retail, extended supply chains, aviation, and shipping. Such brazen attacks also mean that APT groups are now more confident about their capabilities and are not shy of showcasing them in the digital space, even if doing so could attract some form of retribution.

In 2023, the time to attack after a geopolitical incident will shrink, and we will enter an era of lightning-fast attacks on critical infrastructure that could lead to prolonged disruption. Public transportation systems and financial institutions (especially stock markets) could be the potential targets for such attacks. Among defense systems, hardware and systems linked to base security, air traffic control, and temperature control within underground storage systems will be targeted. APT groups will also go for greater monetization of attacks by targeting businesses for ransom. Most APT groups are moving towards generating funding sources outside their state sponsors to prevent disruption of R&D and ongoing projects due to a fund crunch. Such attacks will run in parallel with attacks on their conventional targets.

We are giving away threat intelligence for free for the next 2 weeks. Find out how you can sign up and try out our threat intelligence feeds. Find out what is lurking in your network. Go for a comprehensive 3-layer threat assessment now.



Cyber surveillance grids double up as cyberattack facilitation infrastructure

Large-scale domestic and international surveillance and activity-tracking grids operated by a large South East Asian country are also enabling its APT teams to strike deep into the digital territories of other countries. This country has invested extensively in promoting cost-effective surveillance technologies around the world using its diplomatic levers and economic dominance. The surveillance grid includes digital listening tools, smart cameras, vehicle and asset tracking systems, and dual-use devices that together create a significant digital catchment area for this country to gather a range of data.

Lessons from a controlled domestic cyberspace

This country maintains one of the largest domestic surveillance facilities in the world, run with evolved AI, big data, and cross-platform activity tracking. With an active domestic industry that generates tools aiding the maintenance and management of this surveillance grid, the country has gained a strategic advantage by avoiding imported tools that might open up this well-established grid to other actors. In the guise of promoting governance and domestic order, the surveillance grid enables not just data collection but also trials of new and stealthier data collection tools that facilitate much deeper penetration of target infrastructure in other countries while maintaining an undetectable digital footprint.

This country uses its controlled domestic cyberspace to:

Potential implications for businesses everywhere

In addition to the possibility of data exfiltration at multiple levels, there is also the possibility of such data ending up in the hands of actors who might exploit it to carry out disruptive cyberattacks or extort ransom. Either way, this is bad news. With OT networks being open and vulnerable and IoT devices lacking adequate security, state-backed hackers associated with this surveillance grid could easily launch attacks or keep large volumes of internet users under surveillance to harvest valuable data.

Long-term implications include:

To secure your business against such attacks you need to improve your IT, OT, and IoT security practices and your overall security posture. With each passing day, hackers are becoming more brazen and disruptive, and it is high time we become aware of their tactics and deploy countermeasures. Book a completely free session with our cybersecurity experts today to see what your business is missing, or see our solution in action through a free demo.



Cybersecurity considerations and recommendations for securing distributed energy resources on power grids

A recent report prepared by the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response and the Office of Energy Efficiency and Renewable Energy highlights the cybersecurity considerations to be taken into account for distributed energy resources (DER), such as solar, storage, and other clean energy technologies. The report also outlines the growing risks that will emerge at a grid level in the next decade. With the proliferation of diffuse and distributed clean energy resources, sites are being set up with a sense of urgency around the world. The ongoing conflict in Ukraine and the rising prices of fossil fuel products are pushing governments and other players to look at renewable energy as a short- and long-term solution to reduce reliance on costly and carbon-intensive fuels. Without adequate security, such systems could serve as entry points for hackers or end up facilitating a cyberattack. It is therefore essential to secure these systems from the origin, deployment, integration, use, and maintenance standpoints to minimize any risks to power grids, other assets, or the reliability of the power supply.

Definition of Distributed Energy Resources

The report defines DERs as “small-scale power generation, flexible load, or storage technologies (typically from 1 kilowatt to 10,000 kilowatts) that can provide an alternative to, or an enhancement of, the traditional electric power system”. DERs can be located “on an electric utility’s distribution system, a subsystem of the utility’s distribution system, or behind a customer’s meter.” Due to changing power generation models, DERs can now be connected to the grid at various points, and it is pertinent to take the threats they pose to the grid into account when planning operational resilience measures and the overall availability of the grid at all times.

Key trends mentioned by the report

Recommendations

The main recommendations proposed by the report for improving distributed energy resources security include:

Recommended resources:

Want to learn more about OT security? Talk to an OT cybersecurity expert from your industry now. Download our cybersecurity awareness kits.



10 takeaways from the latest OT/ICS advisory from NSA and CISA

The latest joint advisory from NSA and CISA adds to the previous joint guidance released by the two agencies to stop malicious ICS activity and reduce OT exposure. The advisory describes the various TTPs that bad actors could use to compromise critical OT assets. It also deep-dives into measures ICS and OT operators can deploy to prevent cyberattacks while building cyber resilience. Here are the 10 major recommendations cited in the latest OT/ICS advisory from NSA and CISA:

1. Newly observed TTPs in cyberattacks: partial loss of view, connections to internet-accessible PLCs, spear phishing, modifying control logic, and deployment of commodity ransomware have been listed among recently observed TTPs.
2. Increasing risk to ICS: malicious cyber actors present an increasing risk to ICS networks.
3. Know thy enemy: knowing your adversary and their potential tactics and measures for creating a breach is essential for deriving countermeasures.
4. OT resilience plan
5. Set up and run your incident response plan
6. Harden networks
7. Understand and evaluate cyber-risk on “as-operated” OT assets
8. Implement a persistent and continuous monitoring program
9. Understanding the malicious actor’s game plan: threat actors often follow these steps in their strategy to breach critical infrastructure control systems
10. Mitigation

Want to learn more about OT and ICS security tactics and strategies? Speak to an OT security expert. See our OT security solution in action: sign up for a free demo now.



Threats to air force assets too real to ignore

Imagine a scenario where hackers take control of ground-based command and control systems and connected networks to either shut down a critical system or manipulate feeds, leading to wrong decisions being taken on the battlefield. Communication systems, guidance systems, and situational awareness management systems could be targeted with intrusions or extended scans to exfiltrate data. An international geopolitical event may even be triggered by a cyberattack, with many countries getting involved thanks to regional defense agreements.

Mission-level cyber threats

During peacetime, air force teams participate in multi-geography and multi-hardware training missions. Such missions often involve exercises to test response readiness, target acquisition and engagement, tactical advantage preservation, hardware, and battlefield coordination. These exercises use dedicated communication networks to which new and (from a security perspective) untested systems and hardware are sometimes added. Such hardware could have trojan code added inadvertently through stealthy supply chains. Modification of systems during training (for compatibility with systems belonging to air force teams from other countries) could also open up new vulnerabilities, which in turn could expose systems to long-term scans ahead of a potential malware insertion at a suitable time in the future. The use of old systems that may carry unpatched vulnerabilities could further degrade the overall security posture.

The type of mission and the number of nations involved both contribute to the threats and risks that emerge. For instance, if hardware diversity increases during a training exercise involving many countries, chances are that systems will be modified to ensure interoperability. This opens the system to cyber threats it may not be ready to deal with. This is why training exercises are keenly watched by adversarial nations: they expose not just strategic and tactical shortcomings, but also bring together hardware and systems of varied origins and vintage. Training missions can therefore introduce new threats and risks to systems. These threats could play out in the long or short term and reduce the ability of an air force to respond to or engage an adversary in the air or on the ground.

Electronic warfare in the air – Cyberwarfare in the air

Most unmanned and manned platforms have an electronic warfare suite embedded or added to them. These suites help in improving situational awareness, reducing the effectiveness of enemy radar, denying unrestricted access to the electromagnetic spectrum, misleading SAMs, electronic reconnaissance, improving stealth, or simply acquiring targets by intercepting communication. The electronic pods that house the electronic warfare suite could technically be jammed or remotely acquired by an adversarial nation’s cyberwarfare group and rendered inoperable. Nuclear-capable and non-nuclear-capable ballistic missiles pose another major concern for air defense planners. The guidance systems of ballistic missiles could be targeted using software-programmable radio frequency or modified electronic warfare signals that could jam or alter an ICBM’s flight trajectory toward a target.

Electronic warfare in space – Cyberwarfare in space

Ground-to-space communications could be hacked into by APT actors, who could then send a satellite off balance by manipulating its orbit control systems. The satellite could be made to lose its earth lock and turn into a threat to all space assets. Tracking such attacks will be a tough challenge, especially if the satellite is lost or destroyed later. Considering the significance of space as a medium for communications through satellites, any successful hack will invariably lead to the shutdown of many systems on the ground, including those related to GPS. Complex multi-function satellites providing various services could be sitting ducks for such cyberattacks.

Are redundancy systems part of the solution or the problem?

There is a common myth that redundant systems act as a security layer. Nothing could be further from the truth, at least in this context. Redundancy cannot be equated with security. In the case of a fighter jet, redundancy systems could prevent a crash if the fly-by-wire systems are hacked into or disabled, but they do not provide any level of security to a system or render it more robust. In fact, redundancy systems could even introduce new vulnerabilities into the network, as they are often picked for their ability to serve as ready backups for key systems rather than for their security robustness.

In summary, hacking of assets and networks connected with an air force could lead to:

Want to learn how to secure your air force and its entire digital footprint across connected and air-gapped networks? Talk to us now. See our solution in action by booking a demo, or try our curated threat intelligence feeds for defense entities.



Supply chain cybersecurity tips from NSA and CISA are timely and critical

Supply chains have become a preferential target for hackers. Government reports from the UK, the USA, and many other parts of the world confirm the growing attacks on supply chains impacting businesses and even government agencies. Such attacks often involve secondary or even tertiary targets that are attacked through a series of breaches across organizations connected through a supply chain.

How are supply chains targeted?

A chain is only as strong as its weakest link, and this adage holds true in the digital world as well. Hackers target supply chains by studying the entire supplier network to identify weak points for entry into a network. This network is then used as a conduit to target networks belonging to other organizations upstream or downstream. A single breach could potentially expose a whole chain and many service providers. Using specific data, hackers target multiple employees across various organizations, through a phishing email or a watering hole attack. While earlier attacks were not targeted, most of the attacks we have seen this year are targeted at specific individuals and involve state-backed actors. The whole approach is more structured and organized, and hackers are clear about what they are looking for or want from these organizations.

The ultimate targets

The more sophisticated the hacker, the more distant the ultimate target will be. In the case of a large defense hardware manufacturer in Europe, the first point of entry for the hackers was a firmware-linked entity based in Asia. The hackers used the first breach to move across continents and through more targets downstream until the ultimate target was breached nearly 11 months later. The target organizations and their supply chain connections are mapped and observed over a period of time before an attack attempt is made.

Software supply chain cybersecurity tips from NSA and CISA, US

Software supply chain compromise is a common form of supply chain attack. The most common compromise methods involve exploitation of inherent design flaws in the software, addition of vulnerable third-party components to a software product, breach and infiltration of multiple suppliers’ networks with malicious code before the final software product is delivered, and injection of malicious software that is finally deployed by the customer. The U.S. NSA and CISA recently shared tips to secure the entire software supply chain. This is certainly a welcome move. The recommendation document covers security across:

The document states that “stakeholders must seek to mitigate security concerns specific to their area of responsibility. However, other concerns may require a mitigation approach that dictates a dependency on another stakeholder or a shared responsibility by multiple stakeholders”. This points to a collaborative approach towards identifying and mitigating threats within and outside a supplier’s own area of responsibility. While articulating the need to focus on vulnerabilities, the document states that “dependencies that are inadequately communicated or addressed may lead to vulnerabilities and the potential for compromise”. Areas where these types of vulnerabilities may exist include:

We recommend that all supply chain entities across verticals read, understand, and adhere to these tips. Doing so will go a long way in securing not just supply chains but also the entire digital footprint of enterprises and governments.

Learn more about supply chain security by interacting with our cybersecurity experts today. Do a complete cyber threat assessment now to find out your security gaps. To learn how you can protect your business, book a free consulting appointment with our IoT and OT security experts and see our IoT and OT security solution in action now.



How to address IoT security challenges? 

My first association with IoT was way back in 2016. We were then working on developing an IoT-based solution for monitoring blood banks. Security was on the table, but it was not a big priority for many businesses back then, as I found out from my interactions with many IoT experts. Many DDoS attacks and generations of IoT devices later, enterprises are still struggling to address IoT security concerns. Let us examine why IoT security continues to pose a huge challenge to enterprises and what needs to be done to address this.

What security challenges are IoT devices facing?

1. Expanding surface area

Users often represent the most important attack surface, as they could be the target of a phishing campaign, could inadvertently or voluntarily share credentials or other sensitive information, or could easily be tricked into taking actions that lead to the deployment of malware. All these actions could not just compromise data and credentials but also cause attacks that are costly and set back production schedules or other goals by days, months, or even years. The addition of devices also represents an addition of threat surface area. In addition, misconfiguration of networks or devices could open gaps in the security architecture.

2. The growing number of IoT devices

The number of IoT devices coming online continues to grow each month. Depending on which data source you subscribe to, this number can vary by the thousands. With new use cases being added every year, IoT has already made deep inroads into sectors such as agriculture, smart homes, transport, financial services, and manufacturing. The number of IoT vendors has also grown exponentially in the last few years. The number of IoT device manufacturers has seen exponential growth as well, with a rise in the number of manufacturers in countries where devices were traditionally manufactured and the addition of new manufacturing units in other countries.

With such a rise in the number of devices manufactured, one would have hoped security would receive more attention and that generational security gaps would be addressed with the arrival of new and more efficient IoT devices. Instead, what we are seeing is the detection of new vulnerabilities at all levels in new devices, alongside generational vulnerabilities that have not been addressed. Such a scenario is creating new opportunities for hackers to exploit.

3. Rising sophisticated attacks

IoT devices and projects are attracting plenty of attention from APT groups now. The rising integration of IoT into critical infrastructure projects and the use of IoT in financial services and other key sectors could be one reason why APT groups are increasingly scanning IoT devices across verticals. According to Sectrio’s threat research team, IoT projects logged a 77 percent rise in cyberattacks in the month of April 2022. This was the single biggest rise in attacks ever registered. The number of sophisticated attacks logged a 133 percent rise in the same month. Oil and gas and manufacturing were the most attacked sectors.

4. Regulatory/compliance standards

There are many standards that enterprises can adopt to improve their security. We have compiled them for you here. In addition, the oneM2M standard enables IoT applications to discover and interface with IoT devices in various distributed environments based on a common service layer. It also prescribes many other avenues for improving IoT security. While most of these standards are voluntary, regulators often recommend voluntary adherence to them to mitigate and reduce risks, and this could be one reason why such standards are not adhered to by many businesses across sectors. Some of these standards, when adopted, could improve efficiencies and promote network and asset transparency, which translates into improved productivity and return on capital invested.

These are just some of the reasons why IoT security is still a challenge for enterprises. To address these aspects, businesses will have to scale up their overall security measures. Here are 7 measures to address critical IoT security challenges:

Do an IoT threat assessment now to find out your security gaps. To learn how you can protect your business, book a free consulting appointment with our IoT and OT security experts and see our IoT and OT security solution in action now.



Educational institutions and students on hacker’s radar

Over the last two months, hackers have stepped up attacks on academic institutions and students, thereby opening a new frontier in the battle against cybercrime. Rising attacks on educational institutions could have multiple security and risk implications for the overall security of everything connected and beyond.

Implications of attacks on educational institutions:

Major security incidents involving academic institutions in the last 30 days:

Sectrio’s threat research team has identified multiple hacker groups that are actively targeting academic institutions. These include APT groups such as Transparent Tribe (Pakistan) and APT41 (China). Both groups have stepped up their attacks on educational institutions. The rising interest of APT groups points to a growing realization among hacker groups of the importance of academic institutions as a target. With no established cybersecurity practices and a lack of awareness of the prevalence of sophisticated hacker tactics, schools and colleges are soft targets for hackers. APT groups targeting them could be acting with the intent to stay entrenched in their networks through malware delivered via these vectors. Such malware could be activated remotely in case of any geopolitical tensions between the countries involved.

Such an approach also points to a widening of the list of targets sought by hackers. With more options to choose from, hackers will find it easier to reach enterprise or government targets. While the democratization of hacker activity is a reality of the times we live in, we now also have to deal with the democratization of targets. With such a spread of targets, it will become difficult for enterprises and governments to attribute cyberattacks or validate an attribution claim. Either way, attacks on such soft targets represent the opening of a new frontier for hackers.

Educational institutions will have to pay more attention to cybersecurity from now on. Even simple cyber hygiene measures, including sensitization of all stakeholders, will go a long way in securing educational institutions. To learn how you can protect your business, book a free consulting appointment with our IoT and OT security experts and see our IoT and OT security solution in action now.



Close your Digital Transformation cybersecurity gaps now

In the first two quarters of 2022, the attacks on digital transformation projects have grown manifold in the Middle East. Threat actors are targeting production systems, assembly lines, safety and instrumentation systems (including legacy systems dating back to 2017 or earlier), IoT devices, and IoT and OT networks. A new set of actors is relentlessly scanning networks belonging to diverse enterprises to expose gaps that could be exploited to harvest data or plant malware.   Read now: 2022 IoT and OT threat landscape assessment report  With such a rise in cyberattacks and due to increasing insider threats, the risk of serious industrial cyber incidents from IoT and OT infrastructure has also risen significantly. Industrial companies that invested significantly in OT infrastructure have also turned into prime targets for ransomware and sophisticated attacks. Such attacks can lead to an erosion of revenue, invested capital, data, and credibility. The loss of production window and destabilization of production schedules will continue to impact bottom lines for months, if not years. Thus, the need to close digital transformation gaps is now more essential than ever. Even a single exposed threat surface in your infrastructure can be detrimental to your overall security posture.  Digital transformation and security gaps  Digital transformation driven by data harvesting and integration of assets and networks is opening up new threat surfaces and latent gaps. These gaps serve as attack pathways that are linked through cloud and application services, supply chains, remote workforce, and untested IoT devices. Such vulnerabilities that extend into critical control systems when exploited by a sophisticated hacker can derail even the most mature first response plan as the hacker moves laterally in the system disrupting operations while covering new ground and exploiting new gaps.   
A traditional IT-focused approach to digital transformation security has proven to be the bane of many industries and security teams. Most IoT and OT systems lack advanced capabilities and often operate in alignment with last year’s threat environment. With the proliferation of sophisticated threat actors, mature cybersecurity programs based on threat anticipation and response are no longer a matter of choice.   Learn more: Consulting Security for Digital Transfromation Most of the IoT and OT cybersecurity programs that are being run by businesses lack active defenses, skilled workforce, and tools needed to detect and address multiple vulnerabilities. The number of businesses that have a roadmap in place with investments and management buy-in for a significant improvement in security posture is even less. Most businesses lack the resources and expertise to execute secure deployment of innovative digital transformation efforts. Sometimes such programs would have consumed more budgets than allocated and teams often try and cut corners by downgrading the original security program in terms of measures and tools to save money. More access, less security There is a demand from multiple stakeholders for providing direct access to infrastructure components including safety and instrumentation systems (SIS), core engineering systems, and cloud-based data analytics systems. Third-party vendors often ask for network access to service remote hardware and predictive maintenance systems share data with multiple vendors in some instances. In many parts of the Middle East such as the United Arab Emirates and Saudi Arabia, we have seen drones being used for surveilling remote locations. Such drones are often connected to multiple networks each of which could serve as entry points for complex malware or multi-payload droppers. 
Also read: Complete Guide to Cyber Threat Intelligence Feeds

Digital transformation relies on improving operational transparency, overall efficiency, effectiveness, productivity, and process consistency. In pursuit of these goals, security configurations are often overlooked or de-prioritized. In a Sectrio survey conducted between April and May 2022, over 80 percent of CISOs admitted to lacking the desired level of visibility into their operations. CISOs in the Middle East also spoke about running systems that had not been hardened from a security standpoint and were thus liable to be exploited by threat actors. Such gaps increase the risk of disruptive cyber incidents that can impact safety, infrastructure integrity, and business continuity.

Join us to address your digital transformation cyber security gaps

Join us at the Digital Transformation Security Drive, organized jointly by Sectrio and Spire, where our cybersecurity expert Gopal Krishnan will help you chalk out a roadmap to:

Date: August 24th, 2022
Time: 9:00 AM to 2:00 PM
Venue: Al Mawad Meeting Room, Le Meridien – Al Khobar

This is an in-person event. Reach out now to secure your slot for free: Book your time now

Close your Digital Transformation cybersecurity gaps now

How to secure a Smart Factory


Securing smart factories is a relatively new priority for many manufacturers, which is why many of them struggle with basic cybersecurity requirements even as they pursue larger security goals. The problem is compounded, in some instances, by a lack of skills, policies, and employee sensitization. For smart factory projects to succeed, their outcomes need to be secured, and security needs to be treated as one of the core pillars of the digital transformation effort.

Security challenges in upgrading to a smart factory:

Thus, while smart factories have made substantial gains through the infusion of technology in non-security areas, security as an essential enabler of smart production is yet to receive its due. This trend is clearly reflected in the way digital factories have turned into vulnerable targets for hackers and bad actors. Hacker groups are consistently scanning for them and planting newer variants of malware and multi-stage loaders such as Bumblebee to exfiltrate data and extort ransom.

Why do hackers target smart factories?

How to secure smart factories

Even before you start on the journey to improve cybersecurity for your smart manufacturing plants, you need to answer these basic but important cybersecurity questions:

The answers to these questions will give you the first steps that need to be taken to secure your establishment.

Paying attention early has its benefits

Security should ideally begin at the blueprint/design stage. While the project is still on paper, IIoT security governance mechanisms, the roles and responsibilities of key personnel, and detection and defence solutions should be considered and finalized. We have often seen that the understanding and appreciation of the threat environment facing smart factories varies from team to team, so coordinating efforts to arrive at a consensus on a governance model is essential.
(Building on established policies and frameworks, such as our OT Cybersecurity Policy Template, IEC 62443, or our NIST Table of Roles & Responsibilities Template, will go a long way in elevating your cybersecurity posture to the next level.)

Ensuring maturity of response to breach attempts is another strategic priority. Breach detection solutions that integrate with the governance model and the SOC should be deployed while the governance and security model is still being finalized: threat actors will not wait for everything to fall into place before attacking parts of the smart factory, so detection and remediation solutions must be in place to address these threats early. Once the governance model is finalized, the solution can then be aligned to the outcomes expected of it under the chosen model.

Also read: How to get started with OT security

Defense and response playbooks can go a long way in fashioning a well-defined and coherent first response to any sign of a cyberattack or breach attempt. A playbook can define attack scenarios and the expected response to each, or even set out basic cyber hygiene tactics that prevent breaches in the first place.

Here are a few other steps that can be taken to secure smart factories.

Thinking of where to start? Let our cybersecurity experts map your security journey: Schedule a time

Learn more about Sectrio's security solutions for smart factories: Cybersecurity for Smart Factories and Manufacturing

Find out what threats are lurking in your smart infrastructure: go for a level 1 threat assessment now.

