OT

In a new release dated January 18th, 2022, CISA has advised businesses across sectors to ramp up their cybersecurity measures to align with the deteriorating cybersecurity environment across cyberspace. The advisory relates to the recent cyber attacks on various businesses in Ukraine. Ukrainian firms have reported several harmful malware on their systems. CISA believes that such malware could potentially be used to disrupt other sectors and nations as well. Broadly CISA has advised businesses to focus on reducing the likelihood of cyber intrusion, detect intrusion, ensure that the organization is prepared to deal with an intrusion, and enhance institutional resilience to respond effectively to a potentially destructive cyber episode. Here are a few key points that we have distilled from CISA’s advisory Businesses have to work to validate all existing remote access functions. Multi-factor authentication has to be deployed for all such instances Apply patches at the earliest and avoid skipping patch schedules Security teams should disable all non-essential ports immediately Secure cloud services: Implement strong controls to cloud services as identified in another CISA guidance Ensure that cybersecurity personnel are empowered to detect, log and report any anomalous network activity.    Protect the whole network from cyberattacks through anti-malware software, ensure that the software is updated Organizations working with Ukrainian entities need to deploy additional measures. They should isolate, monitor, and inspect traffic from such entities Designate a crisis response team with a clear RACI structure to ensure tech, communications, legal, and business continuity Enable adequate provisioning of surge support Conduct tabletop exercises to test the understanding of roles and responsibilities of all personnel. Use our template to get started now: IEC 62443, NIST Table of Roles & Responsibilities Template Test all available backup procedures to ensure that critical data can be accessed and restored rapidly without any delay Businesses that are using industrial control systems (ICS) and operational technology (OT) should conduct a test of their manual controls to ensure the continuing operability of critical functions in case of network disruption or loss of trust in the integrity of the network In light of the above advisory, critical infrastructure operators and those who have IoT and OT installations must revisit their cybersecurity practices and posture on a priority basis.  Sectrio is offering its threat intelligence feeds for trial for free for 15 days. Our feeds work with the best SIEM solutions out there and meet all the parameters listed above. To access our threat intelligence feeds for free, sign up now. Talk to our cybersecurity experts to learn how Sectrio’s IoT security solution and threat intelligence can help your business See how our OT-IoT-IT security solution can handle such threats to your enterprise. Book a no-obligation demo.  Get access to enriched IoT-focused cyber threat intelligence for free for 15 days   Download our CISO IoT and OT security handbook   Access our latest Global Threat Landscape report  

How will the new year (2022) impact IoT and OT security in the Middle East and what new trends should we be aware of? Sectrio’s threat research team offers answers. Rise of geopolitical threats in 2022 With the worsening geopolitical situation in the Middle East, we can expect new levels of APT activity. Most of this activity will target critical infrastructure including those connected to shipping, power, and communications.   The cost of cyberattacks will go up The average ransom demand in the region has been increasing by USD 500,000 (pre-negotiation) in the last three years. This number is expected to rise this year as well. Cyberattacks and reconnaissance attacks on IoT and OT deployments will intensify Based on past patterns, we expect cyberattacks on UAE, Saudi Arabia, Oman, Turkey, and Bahrain to rise in the first half of 2022. Health and safety systems, ICS, SCADA, PLC, IoT devices, and networks will be targeted extensively by hackers. New malware will dominate H1 2022 New and more sophisticated and stealthy malware will be launched by hackers to target manufacturing and utility infrastructure. H2 will see the emergence of more variants. Ransom will be the key objective of malware developers. Crypto mining malware will also make a significant impact on businesses this year.    Network and device vulnerabilities will get more attention from hackers and businesses While hackers will try and exploit these, businesses should try to get more disciplined in adhering to patching and vulnerability scanning schedules.   2022 will be the year of cyber threat intelligence Towards the second half of 2021, many businesses were seen shopping for threat intelligence feeds. This exercise will intensify in 2022 as regional businesses seek to improve their threat hunting and detection capabilities. Compliance and standards Compliance mandates will move from a voluntary exercise to a compulsory one for all sectors. This means that regional governments will ask businesses to ramp their cybersecurity measures to align with existing standards like IEC 62443 or new ones that will be enacted.   The year of reporting As we have seen in the US, reporting after a cybersecurity incident will be made mandatory with clear guidelines on who should know what and when.   Supply chain vetting and internal security practices will turn mainstream and streamlined This year, the supply chain situation will stabilize across the region with the adoption of new cybersecurity practices to deepen resilience and to ensure that these are not disrupted from within.         Attack surfaces will continue to expand Thanks to digital transformation and automation across sectors, more and more attack surfaces will emerge for threats to exploit. Digital transformation in sectors such as manufacturing should be undertaken with care and diligence to prevent these from opening gaps in the overall cybersecurity posture of businesses.   More IoT and OT cyberattacks will grab headlines Businesses will find it difficult to contain information on such attacks and thus we will see a rise in the appearance of such reports in the media. Sectrio is offering its threat intelligence feeds for trial for free for 15 days. Our feeds work with the best SIEM solutions out there and meet all the parameters listed above. To access our threat intelligence feeds for free, sign up now. Talk to our cybersecurity experts to learn how Sectrio’s IoT security solution and threat intelligence can help your business See how our OT-IoT-IT security solution can handle such threats to your enterprise. Book a no-obligation demo.  Get access to enriched IoT-focused cyber threat intelligence for free for 15 days   Download our CISO IoT and OT security handbook   Access our latest Global Threat Landscape report  

Threats to IoT deployments grew significantly in 2021. According to Sectrio’s threat research team, the volume of complex cyberattacks on various IoT projects grew by a staggering 400 percent in the January to November time period of 2021. This is a cause for concern and highlights the need to act immediately to protect against such attacks, secure assets, and work towards shrinking the available threat surfaces. Why will IoT security draw more attention in 2022? Based on the data we are analyzing from our global honeypot network, attacks on IoT devices continue to grow. We are also expecting new forms of ransomware and breach tactics to be deployed to destabilize IoT deployments in the next 90-120 days based on the malware development cycles we have seen in the past.  Here are a few steps that we recommend you can take to secure your IoT infrastructure in 2022: Buy devices from authorized and credible suppliers only. This includes everything from CCTV cameras to monitoring and management devices. The supplier should ideally provide visibility into their supply chains including the suppliers and countries from where components are procured Perimeter-based security is passe: your data and assets need to be secured through a zero-trust policy wherein trust are granted for a session only after credentials are established before a transaction. No device will have permanent access to any part of the network Voluntarily adopt stringent standards: while IEC 62443, NERC CIP, NIST standards, and standards proposed by regional regulators can be adopted at level one, nothing should stop your organization from going well beyond these mandates to improve your compliance posture Conduct a cybersecurity self-assessment run once a month to see how you are doing on various IoT security parameters and to figure out how you can improve. Build cybersecurity plans that are at a unit level (device), assembly level (aggregation of connected systems), communications (network), storage (cloud) Work with vendors who give maximum IoT cybersecurity coverage for your unique protocols and device, and data eco-system Sensitize employees and other stakeholders on security issues Let your SIEM work with threat intelligence that is specific to your industry and business context  Scale up your IoT security solutions by having regular conversations with all stakeholders Download our compliance kits to jump start your IoT security journey with the right steps Talk to our cybersecurity experts to learn how Sectrio’s IoT security solution and threat intelligence can help your business See how our OT-IoT-IT security solution can handle such threats to your enterprise. Book a no-obligation demo.  Get access to enriched IoT-focused cyber threat intelligence for free for 15 days   Download our CISO IoT and OT security handbook   Access our latest Global Threat Landscape report  

Broaching IoT and OT security conversations could be a tough proposition at all times. Even in organizations that have experienced a cyberattack, board members and management teams often chose the middle path when it comes to preparing a roadmap to keep their businesses secure and risk-free. This path involves complying with basic regulations, ramping the cybersecurity up a few notches, and patching core systems. Building a culture of IoT and OT security is a different game plan altogether and even the most technically mature organizations often find it difficult to tread a pro-active path when it comes to securing their infrastructure.  So how can CISOs initiate a conversation on expanding their IoT and OT security investments in such a situation?   Understand organizational dynamics  Sometimes, CISOs may be part of an organizational hierarchy that places a layer of leadership between them and the board. Decision-making may be a diffused or concentrated affair and there may be levels of bureaucracy involved. To make IoT and OT security decisions more acceptable, CISOs need to have strong relationships across levels. They should also be good listeners and be receptive to ideas emerging from various corners of the organization. You never know from where your next idea might come from and if it is from within your larger organization, you have already got a champion who can work with you to realize the idea.   Data always helps With more information on threats and breaches being available on the net, you can always quote these sources in your conversations to build a case for improving your facility and enterprise-level cybersecurity measures. Without data, any pitch will not develop legs and will therefore be restricted to the presentation deck it belonged to with the idea of never seeing the light of the day. Your pitch must be bold but wrapped in messaging that will resonate.   Gathering and presenting data on the possible level of disruption at various scales will also help. Threat and cyber risk modeling can help in this context. Check out our latest IoT and OT Secuiruty threat landscape report here Rope in competitionMany organizations do speak a lot about IoT and OT security as a priority item in their business agenda. If your competition is already talking about compliance, then you need to do so as well. Compliance is also a requirement for participation in many large projects and companies can be disqualified at the bid level itself if they do not comply with many cybersecurity mandates. This can be a powerful aid to help you push for a wider cybersecurity agenda.   Lead by compliance   Many IoT and OT security mandates are advisory in nature. However, this year many of those may turn compulsory as governments are increasingly asking businesses to improve their IoT and OT security measures. By taking a lead on compliance, you will be able to build more consensus around cybersecurity measures and improve awareness as well. NIST standards, IEC 62443, and several state and regional standards can be considered. Don’t forget to download our compliance kits. These will help you jumpstart your compliance drive. Don’t lose sight of the trees for the forest  People lie at the heart of every cybersecurity measure. While teams may come on board early, individuals may resist or show less inclination to adopt voluntary measures. It is therefore essential for you to keep all employees engaged through periodic advisories, one-on-one discussions, or through actual demos to get them to become more serious about IoT and OT security. As employees take the lead, they will help you build a context to push for more IoT and OT security investments.   Work with the board to set cybersecurity goals  This could include compliance measures and business measures to improve cybersecurity. Measures that could be considered as part of these goals include:  Operating with the right threat intelligence for your IoT and OT deployments   Compliance with the right set of cybersecurity standards   Segmenting networks to improve visibility into network activity   Keeping track of all connected assets at all times   Establishing cyber decoys to deflect cyberattacks   Identify and fix vulnerabilities   These tactics could be coupled or bundled together into a larger goal.   To learn more about IoT and OT cybersecurity measures, Reach out to us today   See how our OT-IoT-IT security solution can handle such threats to your enterprise. Book a no-obligation demo.  Get access to enriched IoT-focused cyber threat intelligence for free for 15 days   Download our CISO IoT and OT security handbook   Access our latest Global Threat Landscape report