Sectrio


Sectrio releases 2022 IoT and OT threat landscape assessment report 

Report documents a staggering rise in cyberattacks on critical infrastructure and supply chains

Sectrio today released the latest edition of its Global OT and IoT Threat Landscape Assessment Report covering the evolving cybersecurity environment surrounding sectors such as manufacturing, oil and gas, smart cities, maritime projects, and critical infrastructure. The report, prepared by Sectrio’s threat research and analysis team, covers data from over 75 cities across the globe, spanning over a billion attacks and 10,000 (collective and cumulative) hours of analysis of cyberattacks, malware, hacking tactics, network breaches, Dark Web chatter, data leaks, and other important aspects related to enterprise and critical infrastructure cybersecurity.

The comprehensive threat landscape assessment report has analyzed cybersecurity from five perspectives, viz., the evolution of threat vectors, mode of attacks, cyberattacks logged, targets attacked, and cybersecurity gaps exploited. It covers the analysis of stolen data released on the Dark Web and other forums as well.

Key findings from the IoT and OT threat landscape assessment report:



Presenting the 2022 CISO checklist for cybersecurity success

As per the findings of PwC’s recent annual CEO survey, CEOs across the globe have ranked cybersecurity risks as a bigger concern than the ongoing Covid-19 pandemic, economic volatility, or even climate change. The survey, covering 4,446 CEOs from 89 countries and territories, has offered specific data points around Asia-Pacific, India, Mexico, Central and Eastern Europe, and Malaysia, among other countries.

The increasing attention that cybersecurity is receiving comes against the backdrop of a steep rise in cyberattacks globally and in the countries mentioned above. Rising cyber concerns are also underscoring the growing role of CISOs across sectors. With increasing geopolitical concerns in Ukraine, UAE, and in other parts of Asia, cybersecurity leaders and CISOs are also dealing with other challenges such as:

- Rising regulatory requirements
- Strained budgets
- Lack of resources
- Compartmentalization of security across organizational silos
- Talent shortages
- Specific organizational cybersecurity posture concerns that are not on the Board’s radar
- Burnout and being overwhelmed by the pandemic and the disruption caused by it

The role of CISOs has been evolving over the last few years, with businesses giving them a larger say in the way businesses are run and a share of voice in the decisions of the board. However, in many institutions, the post of CISO has just been created, or the role functions with many dependencies on other non-C-suite positions, leading to a situation where the support they receive is not timely or is inadequate.

What can CISOs do to address such challenges?

- Democratize cybersecurity: run bug bounty programs and tabletop exercises by involving employees across the organization. Involve more stakeholders across decision-making layers and teams in all cybersecurity programs.
- Pay attention to vulnerabilities: running vulnerability scans in a disciplined manner and taking prompt action on identified weaknesses and gaps can go a long way in increasing the distance between your assets and a cyber adversary. This should go with other measures such as micro-segmenting networks, creating zones of digital priority, and maintaining an updated inventory of all assets and their functions.
- Promote a culture of proactive compliance: many standards/frameworks proposed by (or that are part of) NIST, NERC-CIP, IEC 62443, and Zero Trust can be implemented with very little effort and by a simple rejig of operating processes, workflows, and inter-device interactions. Such measures can be taken up for immediate execution. They should also be taken up routinely and ingrained in the culture of the organization.
- Build and track cybersecurity checklists: across facilities and systems such as SCADA, PLC, industrial control systems, health and safety systems, remote management systems, etc.
- Address institutional inertia: this is especially true of businesses that have been around for a while. Decisions taken to counter emerging threats to critical assets may get stuck in layers of decision-making within the organization. By the time the decision is taken, it may be a case of too little too late.
- IT-OT and IT-IoT convergence zones, or other such zones where different tech streams overlap, should receive additional cybersecurity attention.
- Track API usage: while APIs help ease integration challenges, they are among the biggest sources of cyberattacks. Hackers have been known to use APIs as conduits to open target networks. See if APIs used by your organization are leaking data or access.
- Clearly define tangible risks and provide solutions: CISOs have been doing this for a while. It is now time to take things to a different level. Identify scenarios that could harm institutional credibility and trust, link them to specific weaknesses or cybersecurity gaps, and suggest solutions to address each gap.
- See what your peers are up to: learn more about how they are dealing with similar challenges.
- Watch out for regulatory advisories: in the last 3 weeks, there has been a flurry of advisories from various regulators connected with the ongoing Russia-Ukraine crisis. Such advisories can be passed on to all employees and used to generate cybersecurity awareness on the need to stay alert.
- Study the cybersecurity practices of your vendors and supply chain partners: this may provide some fascinating insights into improving your cybersecurity posture, while recommending ways to address gaps in the cybersecurity posture of your vendors and partners may help you earn more collaboration in the future when dealing with a cybersecurity event or meeting a regulatory demand.
- In sectors such as oil and gas, manufacturing, and utilities, cybersecurity audits should be done with the same level of diligence as that which goes into a health and safety and/or environment safety audit.
- Avoid burnout: delegate tasks beyond your immediate team. Identify cybersecurity champions from across teams and get them to help your team promote a cybersecurity culture of excellence and diligence.



Cyberattacks on Ukraine: what lurks in the depths?

The unprecedented cyberattacks on the Ukrainian Army, defense ministry, and two large banks (Privatbank and Oschadbank) in many ways mark the dawn of a new era of geopolitically motivated cyberattacks. Whether or not the attacks came from the sources they were originally attributed to, the whole episode presents many reasons for concern.

- If a non-state actor is involved, then the ease with which the attacks were carried out is certainly surprising.
- If an APT group affiliated with one of the states involved in the crisis has carried out the attack, then the latest cyberattacks are part of a series of attacks that have occurred over the last few months since the crisis began.
- If the attack was carried out by an actor belonging to a country that is not part of the conflict in any way, then this attack, which comes during a season of heightened tensions in the region, could tip the scales and cause the first shots to be fired in the conflict due to the sheer scale of provocation. Now, that may not happen in this case, but these attacks could provide a sort of playbook for other states and their APT groups to emulate to create geopolitical tensions quickly.
- Attacks on financial services and defense websites are clearly part of an act designed to send a message to some stakeholders involved in the conflict.
- Cyberspace has now become a primary frontier where geopolitical adversaries can fire salvos without exchanging bullets or shots on the actual frontlines on the ground. While some may see this as a way of releasing accumulated geopolitical stress, there is a possibility of such acts spiraling into a full-fledged conflict if left unchecked.
- Cyberattacks have become a tactic for generating added pressure on the defense forces and the economy of an adversarial state. In the case of Ukraine, we have been reporting a rise in inbound cyberattacks since 2019.
- Reconnaissance attacks carried out during times of peace by APT groups may generate data and reveal weaknesses that could be exploited during times of geopolitical stress or a conflict.
- With the expanding definition of critical infrastructure, a range of citizen-facing services will be turned into targets by adversarial states and actors backed by them. Citizens may even be targeted directly.
- Lastly, such attacks can serve to deflect attention from another crisis or challenge that the adversarial entity may be planning to unleash in the short or long term.

All of the above are possibilities that could play out. So how can such cyberattacks on critical defense and financial services infrastructure be kept at bay?

To defang a cyberattack, you need to not just detect these attacks but detect them early enough. What is even better is if you can catch these adversaries red-handed while they attack targets of low value that serve as traps. Large-scale decoys that mimic multiple elements of such infrastructures can be deployed to confuse and trap cybercriminals. They could also deflect sophisticated cyberattacks from APT groups and evolved hackers.

The architecture for such decoy and deception technology involves the simultaneous use of simulation and dissimulation. Simulation involves creating a shadow or fake infrastructure through mimicking, inventing, and decoying fake digital infrastructure that appears authentic enough to keep the intruder engaged in the worthless pursuit of data or access to other resources. Dissimulation covers hiding, digitally camouflaging, and masking data and digital assets to hide them from hackers. Both these measures can help keep critical infrastructure safe by deflecting cyberattacks and confusing the hackers.

Sectrio has evolved multiple models to create such decoys at scale. We are today working with financial, industrial, and critical infrastructure operators globally to create scaled decoys that can be launched faster and keep your digital assets safe from cyber adversaries.


Evolving traditional ICS threat hunting to detect new threats

ICS threat hunting needs to evolve to detect new threats

What is threat hunting?

Threat hunting refers to the processes and methodologies involved in seeking to identify threats in your network proactively. Threat hunters work by searching for signs of a breach or compromise (indicators of compromise) that indicate the presence of a threat.

In the case of industrial control systems and OT, hackers can deploy multiple techniques to hide tracks and footprints and pass the digital divide between various systems to launch sophisticated attacks against ICS. While threat hunting in traditional systems is well established and follows a predictable path, in the case of ICS, there are many challenges to be overcome to make threat hunting more effective.

While MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework has been commonly used to identify tactics, techniques, and procedures (TTP) used by a hacker, the use of this framework for detecting threats related to ICS has not been a smooth affair. This is primarily due to the diverging nature of OT networks and controls, as well as the lack of the visibility that IT network managers take for granted.

Further, traditional threat hunting practices are designed for IT, and they cannot be extrapolated to cover OT and ICS without losing out on sophisticated actors and threats that may just sneak in.

ICS threat hunting challenges

In ICS, threat hunting should necessarily consider unique assets, logging facilities, devices, embedded firmware, and control systems that converse using traditional protocols. Further, a cyber adversary in an ICS environment would use a range of varied tactics (significantly different from those of an adversary targeting IT) for targeting ICS and OT. This will include tactics to degrade defenses, further network persistence, control manipulation, and damage to assets.

ICS threat hunting can turn into a complicated exercise due to a lack of information at various levels (inventory, patch status, operational dynamics, etc.).

The primary security layer when it comes to ICS threat hunting should involve and cover anti-breach solutions (across network and endpoints), network-level security, tamper detection, and port analysis. The secondary layer is where ICS focus comes in. Programmable Logic Controllers (PLCs) or Remote Terminal Units (RTUs) and other control and coordination instruments and gear should come in for specific attention, and these could bear the biggest brunt of a cyberattack.

Data collected from these sources should be used to devise a comprehensive threat hunting policy and execution game plan. Cybersecurity posture can be called robust when the infrastructure is protected using a robust and dynamic mechanism that responds to threats as they emerge. This includes active and passive defenses, an inventory of ICS assets, patch logs, real-time security monitoring, event logging, and cross-facility coverage.

Critical facilities and infrastructure (especially in manufacturing, oil and gas, and utility plants) linked to health and safety systems should get additional attention, as their failure could turn into a catastrophic event.

ICS threat hunters should have extensive knowledge of all OT systems, protocols, and security practices. Over the years, different facilities within the same organization separated by geography could have evolved different practices to secure their premises. Threat hunting should consider such variations and constantly evolve to cover new and dynamic threats. OT and ICS protocol coverage for threat hunting is a non-negotiable requirement.

Finally, ICS threat hunting needs to constantly evolve in line with the changing OT threat landscape in cyberspace. Episodes like the attacks on the Ukrainian power grid and on water treatment plants in Florida and San Francisco have clearly shown that hackers are aware of the gaps in OT and ICS cybersecurity and will stop at nothing to exploit these gaps.


Building an improved industrial control systems cybersecurity governance model


With rising cyberattacks on industrial control systems, ICS security teams are rushing to put in place an ICS security governance model that doesn’t just secure their control systems but amplifies the impact of institutional cybersecurity measures.

The foundation of a good ICS security governance model rests on 3As, viz., awareness, accountability, and authority. Teams invested in ICS security should cover all three, to begin with, so that the fundamentals and the execution machinery and goals are aligned to any model that emerges later. Most organizations find their governance models pitted against bureaucratic inertia, misalignment with leadership goals, and a lack of accountability, of an evolutionary path, and of specific objectives that are understood and accepted by all. Thus, by faltering in the first steps itself, the governance model doesn’t even get a chance to stand, let alone run.

Across industries such as oil and gas, manufacturing, and utilities, the teams tasked with managing ICS security often run into organizational goals that focus on improving employee productivity and output, meeting production schedules, etc. In such instances, ICS security measures added to control systems are perceived to slow down everything and thereby run counter to institutional priorities. We have all been there, haven’t we?

But with the emergence of new threat actors and independent groups targeting OT and ICS infrastructure, businesses need to take up the task of conceptualizing and deploying an ICS governance model in a hurry. Here are a few steps for ICS security that you can take to get this going:

- Never reinvent organizational culture: instead, bring a security dimension to the culture by making employees more risk and cybersecurity aware. Your organizational culture should be agile enough to incorporate security-related concerns and measures with ease. Creating a whole new culture might take time and resources, and considering the rise in cyberattacks, you may not have that kind of time to get things in place.
- Empower the CISO: the alignment in terms of budgets, ultimate authority, and decision-making power should lie with the CISO. A CISO should be in a decision-making rather than an influencing capacity when it comes to the overall cybersecurity posture and functions in the organization.
- Go by impact view: every control system owner should be aware of the impact of a cyber incident on their respective operations. All resilience measures should also be linked to every unit and control management team in the organization. For instance, the shop floor could have its own understanding of the impact of a targeted cyberattack on it, but this understanding should be developed in collaboration with the ICS security teams, and if needed, budgets can be assigned at this level along with the required accountability as well.
- Measure everything: never keep your objectives at a theoretical level (prevent cyberattacks, address vulnerabilities, etc.). Instead, try and formulate a KPI-based (BRAG) scorecard for each parameter and track it separately and collectively (time to detect (detection time and quality as well) and address threats, time to patch, etc.). Each control area should have these KPIs that are tracked.
- Conduct audits periodically to get data on opportunities for improvement.
- Consider frameworks such as NIST CSF, Zero Trust, IEC 62443, etc., to improve basic governance parameters.


Getting your basic cybersecurity practices right

Basic IoT and OT security practices that can significantly reduce your cyber risks

When it comes to IoT and OT security, vendors will tell you how important it is to have a cybersecurity solution in place. Yes, one cannot keep hackers at bay using firewalls or air gaps alone. But in addition to a cybersecurity solution, your industrial control systems (ICS), SCADA systems, PLCs, networks, and IoT devices can certainly do with a lot more diligence in formulating and deploying cybersecurity best practices. We are talking about simple practices that can improve your odds in the fight against hackers and cybercrime. We have put together a few of these important IoT and OT security measures here:

- Improve patch management: this includes automating the discovery of unpatched systems and the application of patches as and when they are made available. The entire lifecycle, including the discovery of devices and systems, patch approval, distribution of updates, system and device reboot, and finally logging of patch status, should be automated. Your cybersecurity team should ideally track Common Vulnerabilities and Exposures (CVE) announcements, and in case a patch for a vulnerability is not made available immediately, you can reach out to the OEM and ask for it or quarantine the affected systems till the patch is released. Vulnerabilities that are months or even years old have been used in recent instances of ransomware attacks.
- Know what is connected and why: in some oil and gas and industrial control system deployments, we came across devices that were of 90’s vintage, and not only were they unpatched for years together, but the OT operator in this case was not quite sure about the role of some of the devices. Your device and infrastructure inventory has to be updated frequently, and these updates should be managed centrally by an inventory management team.
- Run a tabletop exercise, simulate an event: see how various teams respond to an IoT and OT security incident, and more importantly, figure out how much of your data and infrastructure is at risk. This risk is not just from a cyberattack, but also from missteps or mistakes in decision-making in the aftermath. It is better to have these errors show up during drills rather than during a real cyberattack.
- Conduct audits at least once a month to ensure that you are adequately prepared to handle an incident, from threat detection to neutralization, and from a continuity of business perspective.
- Always pay more attention to health and safety equipment and controls. Ensure that they are tamper-proof and working with adequate levels of IoT and OT security.
- Sensitize employees on the need to be risk aware at all times. Convey a number to indicate the potential loss that the business could incur because of a cyberattack. This number should be based on analyzed data rather than raw assumptions.

These small steps can go a long way in securing your business and in raising awareness among employees. Beyond this, you can also look at going for IoT and OT focused threat intelligence, micro-segmentation, and employee certification on cybersecurity to improve your overall IoT and OT security posture.


Rising ransomware attacks point to a larger cybersecurity problem


In January 2022, we witnessed a huge rise in ransomware attacks specifically on IoT and IT networks. Most of these attacks were designed to lock up the data, copy parts or the whole of it, and then dump the data on the Dark Web. If media reports are to be believed, many organizations that ended up paying a ransom didn’t get their data back. If we break up the ransomware problem, we can identify these as the key attributes of the bigger challenge posed by ransomware to businesses:

- Insider threat: emerging from employees or partners willingly or unwittingly ending up aiding hackers.
- Rising potency of ransomware: hackers have invested extensively in ramping up the facilities behind ransomware production and distribution, and this is the reason behind 2021 turning into a very successful year for hackers.
- Growing ransom demand: there are contrasting reports on what was the highest ransom demand placed last year, but it can be easily inferred that ransom rates have certainly grown significantly in 2021.
- The rising role of enablers: while the number of ransomware developers is growing, so is the role of the enablers. These include negotiators and even professional breach enablers who help in placing the ransomware in the target networks.
- Bleeding data: in December 2021, the volume of new data dumped on the Dark Web rose by nearly 3 TB.
- Hackers are now more aware of the vulnerabilities, cybersecurity gaps, and process deficiencies associated with IoT, IT, and OT in businesses, and they are using this information to breach assets and networks.

What can businesses do to protect themselves from ransomware attacks?

- In sectors like manufacturing, pharma, defense, and retail, cybersecurity needs to be embedded into supply chains and feeder processes.
- For small and medium businesses, operational visibility and visibility into networks at all times is a must.
- Oil and gas (upstream and downstream operators) is a sector that has been traditionally vulnerable to a range of threats. Oil and gas companies need to harden their operations from a cybersecurity perspective and revisit their processes and cybersecurity practices to align them with the new cyber threats and challenges that are emerging in the background.
- Healthcare firms need to ramp up their IT security and invest extensively in securing their data.
- Micro-segmentation: fragmenting networks to enable greater visibility and granular enforcement of cybersecurity policies is a must-deploy cybersecurity measure.
- Industrial control systems and health and safety systems should be especially protected, as a compromise of these could not just create an operational challenge for businesses but, more importantly, could create a health and safety hazard for employees working in manufacturing plants that deal with oil and gas products and other complex and dangerous chemicals.
- Cybersecurity audits should be conducted at least once a month. There are many available formats for conducting this. We have created one for you here that is aligned with the NIST framework.
- Encourage employees to report incidents and incentivize them to proactively detect and report vulnerabilities or security gaps.
- Businesses connected with long-tail and short-tail supply chains should collaborate to arrive at common security standards and measures that they can deploy together.
- Enforce a no-click policy for suspicious emails.
- Look at opting for multiple vendors for obtaining your threat intelligence feeds.


Improving OT security by understanding key security challenges


The convergence of IT-OT and IoT has opened new avenues for hackers to target systems based on those three technologies. OT, however, has been impacted uniquely, as the security dimensions of OT have not been fully understood by security practitioners. With the collapse of the traditional air-gapped systems, OT devices are now being targeted extensively by various hacker groups. To counter them, we need to understand how hackers are breaching OT systems.

There are two main routes of entry for hackers into OT systems. One involves using networks as conduits to access a production facility in a connected OT environment. In an unsegmented network, all (compromised) connected assets could serve as entry points for hackers. This is especially true for OT operators in traditional industries such as manufacturing, power plants, oil and gas refineries, and pipelines that are now embracing some form of digital transformation and large-scale automation.

The second conduit involves a physical breach by an intruder carrying a USB drive with the malware payload and connecting it to the OT network from within. Such a modus operandi is often used to target OT systems within defense, maritime, and power companies that still house unconnected or air-gapped OT systems.

OT cyberattacks are thus not accidental episodes and require significant planning and execution finesse on the part of the hackers. In the case of many defense facilities such as radar stations and communication and signals hubs, we have seen hackers or their enablers throw infected pen drives into the campuses of these defense entities to be used by an unsuspecting employee. Though the use of USB drives is strictly regulated, such devices still manage to become part of some of the large OT breaches we have seen in the last few years.

OT security challenges and targets

Safety and control systems are high on the wish list of hackers. These are the systems that, when accessed and modified, can cause tremendous disruption and loss. Such breaches are also hard to contain, and soon the news of the breach reaches the external world and the hackers through media. ICS and SCADA systems have been traditional targets for hackers, and they continue to be targeted.

Consider a safety instrumentation system or even an environment control system, both of which are key to ensuring safety in plants and other locations that are accessed by plant personnel. A breach of such a system puts their lives at risk and could also pose a danger to critical instrumentation, including its calibration, which is often quite sensitive; even a minor change could trigger a series of production errors downstream.

Improving OT security

- Start by viewing IT and OT as extensions of the overall digital infrastructure and cover them through a unified security policy that also takes into account the unique cybersecurity aspects of each.
- The above policy should also contain common goals for IT, IoT, and OT security teams. Key KPIs and milestones that they can achieve in collaboration should also be formulated.
- Conduct periodic joint digital security audits across the enterprise to evaluate the institutional cybersecurity posture and to eliminate gaps.
- The NIST cybersecurity framework and IEC 62443 can be used as guides to secure parts of the network or the network as a whole.
- Micro-segmentation: can be used as an excellent tactic to isolate the overall digital infrastructure into fragments. This will not just help contain an attack but will also prevent malware from moving laterally.
- For digital transformation or large-scale OT automation projects, or those involving a phased transition to IIoT, OT security teams should be roped in to develop a comprehensive security roadmap that doesn’t just end with the transition. Instead, the roadmap should cover long-term operational security for all assets and must take into account converged threats or threats that might emerge in the future.
- As part of the unified security policy, an OT security-specific policy can also be developed to bring OT security on par with IT security.
- Operate with OT-focused threat intelligence to detect unique threats that may affect OT but not IT.
- Vulnerability assessments and gap analysis should be conducted at regular intervals, and such processes should be further documented through regular audits.
- Security for IT, IoT, and OT assets should be owned by a joint cybersecurity team including members from both sides. This will ensure the evolution of a common minimum standard for security across the organization.
- Deploying an OT security solution that works to secure all aspects of OT is also recommended.
