Is your OT-IT network fully Isolated and secure?

By |

A Deloitte Study titled Manufacturers Alliance for Productivity and Innovation (MAPI) indicated that 40% of Manufacturing firms have experienced a cyberattack in the last 1 year and about 38% of them suffered damages of over 1 million USD.

While some organizations wouldn’t want to go public, companies like Norsk Hydro came out in open and informed all stakeholders about the compromise which was to the tune of 52 million USD. Many victims of cyberattacks are not so bold and the cost of cyberattacks is often suppressed under various accounting heads in the balance sheet. Underreporting of cyberattacks is a global problem. This is why US lawmakers recently introduced the ‘Cyber Incident Reporting for Critical Infrastructure Act’ which mandates entities falling under the purview of this legislation to report cyberattacks to a specialized compliance agency established for this purpose.

While traditionally OT networks in the manufacturing environment were air-gapped and isolated from the IT networks, Manufacturing firms have swiftly move towards Cloudification of their IT application & there is an indication of these technologies used for remote monitoring and analysis of Industrial Control Systems.

From our numerous OT threat Assessments on Manufacturing industries, we have identified a few common vulnerabilities, such as:

  1. Information Disclosure
  2. Default Credentials
  3. Weak Network Segregations
  4. Network Map of other devices
  5. OT devices using default username and password
  6. Unpatched OT devices leading to critical vulnerabilities such as
    1. CVE-2014-2254
      i. These vulnerabilities could be exploited by remote attackers to cause a denial of service and allow attackers to hijack the authentication of random victims via various vectors. It could also allow attackers to access additional diagnostic functionality with physical access to the UART interface during the boot process
    2. CVE-2021-1451
      ii. These vulnerabilities could be exploited to execute code or commands remotely on affected systems. This could give the remote attacker complete access to systems which could further lead to information disclosure, denial-of-service, etc

As manufacturers get busy with meeting their production targets and cybersecurity gets lost in layers of processes and applications, adversarial entities find it easy to breach and steal data or even hold data to ransom

To learn more on how to secure your manufacturing infrastructure, join our cybersecurity experts Kiran and Kapil at our booth H2-D1, from 17th to 21st October GITEX 2021 as they discuss and offer simple, cost-effective, and lasting solutions to:

  • Improve visibility and reduce time to action to respond to cyberattacks
  • Comply with frameworks such as Zero Trust and IEC 62443
  • Deal with vulnerabilities while preventing adversaries from exploiting them
  • Prevent your networks from leaking data and credentials
  • Tie-up loose ends in your cybersecurity posture and gather intelligence to make insight-driven decisions

Register today for a free consulting with Sectrio’s Cyber Security experts at GITEX.

Naveen Hemanna
Naveen has been in the technology industry for over 13 years primarily working for product companies and helping customers to find solutions. With his experience of working with Telecom and Manufacturing companies, he has gained sufficient knowledge of how connectivity is shaping the industry and how well prepared they need to be from a Security standpoint. In his current role, he is responsible for revenue growth of Sectrio (A division of Subex) – The Digital Security arm of Sectrio in the EMEA region.

Subscribe to Newsletter

Related Posts

Protect your IoT, OT and converged assets with Sectrio