Our Videos

Audio Transcript we are seeing malware like Atkins ransomware and other malicious you know targeted attacks that are happening across this political infrastructure and that’s one of the reasons why I feel and generally like why the industry is moving more towards compliance and standards heavy regulations and mandates that majority of the critical infrastructure companies organizations bodies need to adhere to if you see here you know the NIST v 1.1 that was recently released or revised and now heavily being adopted across industries and many of our customers who we work with you know in in the region are trying to build the survey resiliency model and primarily what we see here is most of the legacy infrastructures system their SCADA. what they currently have are either a very specific to a vendor or they have proprietary protocols that some of these devices and endpoints run which in most cases are very difficult to patch if there are even any vulnerabilities identified how do we read the traffic how do we validate what commands are being run on some of these you know large equipment’s are some of the key questions or concerns that you know we’re seeing come a lot from our customers and that’s where the cyber resiliency model is driving that mandate culture across industry leaders where they’re now you know they’re now focusing on how do we identity how do we identify what is there in the network how well do we know what’s out there what does our visibility look like how do we protect it do we have enough mechanisms to protect specific security controls that are you know that are very relevant to my industrial or my critical infrastructure but having these two is great but what we’ve seen is that it never is sufficient especially in security so having an icon glass view in order to detect respond and what does my recovery mechanisms look like so these five-step process and it’s a it’s a great document that i would suggest everybody to go through. The controls that are necessary which is specific to your organization in addressing some of these you know large targeted attacks that we’re seeing within this critical infrastructure adding to that we are also seeing we are also you know very familiar with IEC 62443 nurse have compliance where both these standards are you know practiced across layers different layers within the Purdue model so we talk about layer toward below and then there is the upstream which connects back to the enterprise infrastructure so when there are systems that has been operating for decades without any changes some of the questions even when deploying security specifically for the industry we’re seeing that how is this going to impact our network and we have had these systems for ages now we have not been under risks so far and we’ve not been targeted why is this now that is coming and why do we need to adapt it now so that there that is some of the questions what we see and you know there is a clear indication that even the attack vectors and overall threat landscape is changing it’s evolving so we’re not seeing any of those script kitties. what we were seeing earlier or maybe one large targeted attack in a few years that were happening back you know when we rewind ourselves back about five six or seven years ago those are not some of the things that be seeing now it’s changing it’s happening more frequently we’ve seen 2020 and 2021 has been some of the largest you know largest cyberthreats that has happened across the globe which are targeted towards these critical infrastructure so as we see it will be an interesting space to see how well the companies will adopt to some of these models adopt these models and get familiarized in having necessary security controls do we have specific team teams in be it in the soccer in in their dedicated OT cybersecurity vendor focusing on some of these compliance mean you know the standards that are coming in and how do they you know how do they rethink of what the security strategy looks like will will be an interesting um process that i think i think all of us will go through this

Audio Transcript Cybersecurity Awareness month, to begin with, let’s understand what really is going on out there as far as the threat landscape is concerned what is getting attacked who’s attacking it that that’s something that we need to really understand to really get a grip on what really is happening out there and what we need to worry about as well right so the first point which speaks about the APT groups uh which are nothing but the state-sponsored hackers these are the most sophisticated uh sort of groups out there because they have access to the latest malware the latest breach tactics and these are very evolved hacking groups which are out there and most of them are supported by certain states either officially or unofficially they’re financed by them they’re backed by them with you know these labs where the research is going on is all funded by certain states right so what typically happens is. Geopolitical tensions and what it means to cybersecurity In a situation where there’s a geopolitical tension between different states these are the actors who jump in and sort of carry out cyberattacks against each other right so these groups are evolving and collaborating by that I mean that there is a huge investment that is coming in terms of the funding in terms of you know the r d efforts and a lot of these apt groups which are across certain geographies belonging to different countries they’re collaborating with each other in the sense that they’re sharing malware they’re sharing data items they’re sharing you know stolen data this show stolen information and you know there’s this real-time exchange uh that is taking place uh out there so this is leading to uh and a more increase in sophistication and this is also adding another layer of you know intrigue so that it’s making it very difficult to detect which particular group is behind which particular attacks. Read our weekly OT and IoT Cybersecurity updates and threat monitor. No prices for guessing the second point out there which is that the government agencies are really on the radar this has been happening for a while now these efforts have intensified since the covid uh sort of pandemic took um you know center stage sometime last year so what really is going on if we wish to understand here is that uh you know a lot of government agencies which were at the forefront of uh this effort to sort of you know uh fight against coveting have all been targeted by the hackers primarily to extract a lot of information from citizens and citizen groups. which calls for sophisticated OT cybersecurity in place measures you know information belonging to government sort of you know agents and people who are involved in this particular you know to fight against covid the hackers saw this as an opportunity to sort of you know to leverage the confusion and the large-scale disruption that had happened with people working from home they didn’t know when they were going to get back to office uh there was a lot of remote management of infrastructure taking place so you know hackers use this sort of you know the opportunity to strike and they were able to sort of you know leak out a lot of information. which they’re currently using to carry on these cyber-attacks against critical infrastructure and sort of businesses which are out there and again the third point about ransom yes uh it is the ransom the cost per GB of uh you know data. This calls for sophisticated OT and IoT cybersecurity at the earliest. I’m going to be sharing some more information on that it’s again rising which is a huge concern again for all cybersecurity professionals because every single successful cyberattack that happens by that I mean that where there is a ransom that exchanges hands where a ransom is paid to hack a group or groups out there to release that particular data leads to actually more cyber attacks happening in the future because this money is invested by these hackers to carry out more attacks in the future and also to develop better, uh you know ransomware and things like that. The fourth point about malware launch pads these are nothing but uh botnets and other infrastructure uh that the hackers maintain primarily to strike at targets like critical infrastructure like you know businesses manufacturing and what have you so what really happens in this particular instance is that earlier we were seeing that botnets were located in remote areas of countries where you know there was some connected infrastructure like uh you know renewable uh energy uh projects which were you know uh managed remotely and where there was a lot of IoT being deployed and they were getting hacked and converted into botnets and you know used to sort of carrying DDoS attacks against critical infrastructure and other uh businesses out there right. Request a demo for our OT and IoT Cybersecurity Solutions today! What we’re seeing now is uh uh there are botnets which are operating out of phones which have been hijacked you know mobile phones and mobile devices digital devices which have been hijacked and these botnets are slowly moving and sort of converging on urban areas right this becomes a huge point of worry for all of us because once uh these botnets enter urban areas then you will have a sudden rise in the number of botnets because the number of devices is more and will be very hard to detect them as well in an environment where you know there is like you know galaxy of devices so to say uh out there this is again a worrying concern for cybersecurity professionals which we have been observing for a while it’s intensifying as of now as a trend then h1 of this year or rather h1 of most of the

Audio Transcript Cyberattacks across industries have significantly increased in their sophistication and I think we will also look at, some of the sophistication why is this even coming into place, what are the sophistication that we’re seeing in the cyberattacks across multiple industries. If you look at the left side of when viewing the screen there are key challenges underlying challenges that are actually drawing attention to build specific security. you know portfolio focused around your operational technology one it’s complex in legacy operational technology infrastructure (OT infrastructure) so as I mentioned earlier how well do we know what is connected on our because of the cloudification we have seen because of the break in the Purdue model with all different types of IoT and IIoT, devices that are coming now. The air gap network which was completely isolated that line is thinning and that’s where we’re seeing that now there are more and more devices which are connecting back to the enterprise connecting back to a central system and that that is something that is that was expected, because of the pandemic we’ve also seen there is a lot of remote working employees and plant managers are trying to remotely operate and keep their floors, floor shops up and running so those are some of the key questions that we all collectively need to answer. To say do I know what or you know do I know what exists, in my critical infrastructure facility especially when there is not, you know regular activities such as my i.t that are there do we adhere to all the compliance requirements that are being driven out or that has been mandated in the previous slides how well do we fit, do we check off all the lists and requirements that are there or do we need specific controls which are very, you know customized to my network and our infrastructure that needs to be adhered to also when we talk about the risks in the industrial machines itself as you see within the overall CIA triage availability is one of the critical components while integrity and confidentiality are equally critical these industrial machines run 24/7 and 365days. Any downtime will directly be a revenue, impact on the company on the organization and that will directly hit the RoI of the business so that’s where we’re seeing that making sure that the systems are up and running and no cyberattacks can, you know can cause this downtime in my industrial environment is some of the key challenges that majority of them across the globe are trying to answer, and also how well these systems are working, work with each other I’ve had the system for 20 years now I need to use a new technology that is coming in make them work together in such a heterogeneous ecosystem that we build. Even though I have my i.t specific security controls that are available is it sufficient to address what we need to maintain as part of the security controls in my not so those are some of the key challenges and consequences that we are seeing, also when we look at the overall security approach we’ve seen that majority of them have lifted and shifted their i.t security controls inside the roti environment which is great to start and you know to run with but it’s not a long term or a complete fool proof method. So this is where we’re seeing that is their asset management what kind of asset management frameworks that we’re using specific to our roti based on what we are seeing, across the assets that are present within our infrastructure, also what does the response plan look like, and I have maybe some third party system so vendor equipment that has been there on my ot floor, if there is an event or a breach what is the response plan that we need to have what are the playbooks that we have in place do we have enough playbooks that can address this kind of incident response systems or do we have an approach where we can identify are there any unmonitored systems in my network are there any misconfigurations that maybe I am not aware of because usually, this is a more reactive process and only when there is an event. in place that’s when we get to know that this was due to a misconfiguration that happened so what is the proactive measure that we need to take and also, causing, you know overall in terms of these attacks, we’re also seeing that it directly relates to the cyber physical systems right so it’s not about a computer or a server that is getting infected where there is, you know there is significant damage but here the damage is a direct cost to lives, where people are working, and, I think there was a recent article which was, you know not a very happy one but the first death reported in us because of ransomware that was targeted, to the hospital, so these are the kind of consequences that we see without, you know without having, sophisticated controls on the cybersecurity across industries all right.

Audio Transcript Hey everybody my name is Damon Acton, and I’m the VP for Americas here for Sectrio, wanted this film as a quick video to give an overview of some cybersecurity challenges that plague the water utility sector, so this is water and wastewater treatment. So just a quick overview of the threat landscape and the news we’ve seen recently that the Florida Water Treatment Facility had someone remotely change the chemical levels. Luckily, an engineer was able to catch it before it got out to the public, but also we’re starting to see more of those more and more of those types of events happen, not just ransomware events where people are trying to steal data from money, but what they refer to as kill, where so these type of events were malicious behavior is done in order to harm people. You also see in the news lately that water utilities from for the most part ill-prepared to deal with these cybersecurity threats. Very alarming. And last piece here it’s an old report from 2019, but it, but it’s still very relevant, said back then, even the number one fate facing threat for the water sector is cybersecurity-related endeavors, and this is where some APT’s or advanced persistent threats from Russia and other states run hacking groups are specifically targeting water and wastewater treatment facilities so. What are the key water and wastewater treatment utility’s cybersecurity challenges? Gravitated to the right. You see, some of those key cybersecurity challenges. Of course, everybody is looking at a number. One thing is uptime, continuity, continuity of services, and avoidance of any type of catastrophic events such as we saw in Florida. It could potentially have a dramatic repercussion. There are also issues to worry about with compliance. One of the interesting things that I saw two under the Third Point down there is that in the water, wastewater, or water utility sector, that device Discovery device visibility for it and even OT specific assets are a very high priority number one or #2 up there that they don’t know what they have in their network. So you can’t protect what you don’t know that you have. So the other point is identifying those vulnerabilities in the early detection of threats. A lot of the threats that we see, and we talked to customers, are actually silent in the network for six months or longer before they are found very alarming and also segmentation networks to prevent that lateral movement of malicious behavior. So in the IoT world, he’s starting to see devices that are interconnected in networks that were never intended to be connected originally, so they’re starting to come online these devices 20-30 years in the industry are now online, and they have all these vulnerabilities that they’re bringing with them. And so we’re seeing that some attackers are tagged targeting these older devices and are now online and use them to move laterally across those networks. So of the challenges is how to concatenate that trafficked, isolated, and the last piece that we see, and we talked to a lot of different customers about these converged networks. So there’s OT and IO T world converging into one centralized conglomerated governed network, and so it’s starting to bring some unique challenges that the IT side of the house necessary can’t address all the problems that the OT side brings. So how do you? How do you work on mitigating your cybersecurity risk? The curious to know more. We actually have an on-demand webinar coming up on November 16th at 1:00 PM Central time, so we are going to unpack myself and Kiran, who is the VP of Global VP of Digital Security One pack. Everything about the water utility sector talks about different cybersecurity prevention methods, methodologies, some compliance needs. Some industry driving factors. So please get on the website to book your slot now, and we look forward to seeing you. Cyberattack Prevention for the Water & Wastewater Industry

Audio Transcript This question we get quite often is what’s going on in the world, what should we see start as far as some trends. Sectrio actually manages the world’s largest OT and IoT honeypot network this allows us to grade some unique insights of what’s going on out there in the industry, and we try to break it down really simplistic over the last year into five main trends that we’re starting to see and then later on this slide Preetham also talk about kind of the future trends that we’re seeing a little alarming of course The first thing we have is hackers are aligning globally, so previously you had state-run hacking groups as known as APTs (Advanced Persistent Threat Groups), freelance hackers these established hacking groups they’re all in separate cells now they’re starting to collaborate amongst themselves to do centralized targets, so they’re geographically spread out, but they’re actually hitting targets on the dark web. It’s open almost to the highest bidder to say hey this is our target who can get in who can find a weakness and there’s coordination between all these different groups almost like a cloud-based virtualized hacking consortium we’ve also seen that our teams keep a big pulse on the dark web, so we’ve seen actual recruitment ads and efforts for hackers increasing dramatically in the last 12 months more so than ever before we’ve also seen that some countries that weren’t on the radar previously for those APTS are starting to pop up on the radar typically China, North Korea what have you Russia you’ve seen some typical news entities and some the usual suspects that are out there, but we’re actually starting to see other countries pop on the radar too. It’s just pointing again to that decentralized nature and coordination amongst global hacking entities, pretty scary stuff one of the second points that we’re seeing as far as trends were it was all about the money, 2020 was the most profitable year for hackers. 2021 seems to be on target to set a new record for that being that ransomware attacks are basically the cornerstone to monetize all efforts for hacking, on average it’s taken entities two million dollars to pay to get their data back for a breach and this is globally adding all that up in 2020 it’s about four billion dollars. You’ve already actually started to see a lot of entities out there instead of cyber risk mitigation they’re rather just paying the insurance premiums which are costing them dramatically exponentially more amounts of money but yeah pretty scary stuff too third point we’re seeing is a shift in targets, so previously we saw a lot of shifts or a lot of targets being the IT side of the house going after the large IT tech firms, but those targets are starting to shift into manufacturing again critical infrastructure hospitals really targeting those Achilles of the networks being the OT and IoT networks so devices that are black standards they or devices that are now on the network that they originally weren’t intended to be on the network and so those have a lot of vulnerabilities and issues that hackers are exploiting to get into those networks and start to move laterally across even back into the IT side of the house if it’s interconnected.  We’re seeing almost a 91% increase on manufacturing plants over the last year and 600 percent I think it was 605% increase on hospital attacks which is a double whammy considering COVID-19 and all the resources were spread pretty thin hackers were actually going after it thinking that hey limited resources we can try to find a weakness and make as much damage and exploitation as possible the fourth thing that we’re seeing is botnets. Botnets are simply just malicious code being run on a computer or a device unbeknownst to the user for malicious intent we’re seeing at the highest record level ever, so it’s over a 500% increase from the year before the terrifying thing that we’re seeing is that botnets are now specifically targeting critical infrastructure, so they’re the coding and the setup for these botnets are now going after weaknesses or exploits or DDOS (Denial-of-service attacks) to go after that critical infrastructure as well as hospitals in manufacturing entities The last trend that we’re seeing again is we keep a pulse on the dark web we’re seeing over a 600% increase in sensitive data appearing on the dark web the scary thing about this is it’s almost instantaneous by the time the hack is not even found out about but the time the data is stolen within minutes it’s appearing on the dark web open to the highest bidder, so this includes everything like attacks and supply chain manufacturing critical one frog governments data centers it’s just a honey pot of sensitive information as soon as that information is pulled it’s immediately available to the highest bidder in the dark web.

Audio Transcript Preetham intro by Damon The global risk report 2021 World economic Forum. It is a matrix of the top challenges, the world will face in the next 10 years. On the left hand side. You have the impact access. The higher it is rated the higher. The impact example, weapons of mass destruction. Is there obviously there was a weapon of mass destruction. We have a very high impact, infectious diseases up there to look at covid-19. And on the horizontal access is likelihood farther to the, right is the more likely it is farther to the left is less likely. So again, Ben’s a mass destruction, if you can see, it’s in the upper left. It’s very high impact, but low likelihood. We’re as infectious disease again, the latest endemic we’ve gone through and seem to be going through again. It’s up there, in the very upper right quadrant. And so that’s where you really want to focus as far as some of the upcoming challenges. If you see cyber security, failure is in the high impact, High likelihood cotton quadrant right there in the middle. So more than likely isn’t as we’ve seen over the past couple of years attacks. Exploits issues starting to ramp up. We’re going to see This more. So in the next 10 years to the tune of, it’s just going to keep going getting worse. Unless action is taken. So I think that’s a good segue to started to go to some of the market impacts what we should do, and then press them will talk a little bit more about kind of the trends that we’re seeing and some of the associated actions. Thanks. Preetham: Thank you so much for getting into the land and what the cyber threat landscape looks like in the operational Technology space rights of an alarming question. Every security leader in the industry is asking. How do I keep my secured historically most of my network which has a ton of integrated with Internet works. They have coming in cloud infrastructure coming and now we cannot say that are operational techno and IPL Hotel integrated infrastructure that coming across the industry verticals that you see anything sending everybody would have the Top 10 most popular types of attacks that the adversaries are targeting organisations to get recently that was one of the highest impact that we saw in 2021 JVS foods largest manufacturing company in the country were added to the water systems and the critical infrastructure definitely Hospital in 2020 is not seen the death this year. We seem quite a lot of Healthcare manufacturing organisations still continuing to build on their critical infrastructure. Controlling rights when we talk about visibility and zoning 11231. If you look at it says that 60% of the organisations are in the first phase of their resolution against a nucleotide based on a breach that has been occurred or based on a directive that has been provided by the board of directors their single the c-suite or something like the peace and security critical infrastructure and Standards that has been Limited industry 10% for PC is looking at tractor cyber resilience in their operational technology, which means I need to have Dedicated solutions that can look at my operational Technology historically, my country has been using vulnerability scanners Discovery asset inventory systems, and micro segmentation technology but that is not going to scale across my open network. So I need to have a view into both devices what OTA payments are communicating with what other out within the network and also how they are connecting with my it so clearly defining different Sone techniques have this ability across your is mounted a Soft Solutions that security l a going and trying out a conductive Pilots proof-of-concept are all in international detection of mitigation of just having one single approach is not going to scale companies historical. From TM difference having strong Firewall rules, the adversary S password using selective inventory using different the writer attack that clearly articulate. Now also has a dedicated focus on building the tactics techniques and procedures for in a work in progress along with the 12 controls that they already had other introducing some of them specific to the skeletal system specific to that. If its techniques that are being used for the network’s so that I directional automatic detection methodologies is something that critical the marking a rule based detection methods are good, but we want something more to you have the ability to Goa Dinosaur multiple sources, do you have the ability to print the behavioral model? What is mine anomalous behaviour of mining operation operation Technology ideas are communicating over a period of time and where do I need to take that call that this is how many different clearview is something busy differentiated layers of protection. So you need to have a different layers that can help you protect a lot of questions lot of comments people from our customer engagement. Is that why we want to protect the Crown jewels of our industry from My perimeter weather right now bring in real time protection and each of these things. Now you take it across the different zones or click play to production. Do I have 3 what is there on my 3.54 and understand this is looking at the coronavirus started looking. So there has been a constant debate that the traditional model may or may not exist anymore in the next 10 years. But at least for the foreseeable future, we will need to have a lot of those that can actually support their existing infrastructure and the context of their security. So likely it is that if I have a security mechanism for security pastor that is that has been deployed on my network for the last 20 30 years. This critical infrastructure network that’s not going to get so I need to know have

Audio Transcript Now when we talk about what is in it for 2021 and beyond we see that a majority expensive mentioned here majority of the critical of L business leaders are now this structure of an appeal that is still under progress, but I need to see some of the key indicators based on where exactly the European space on the top question that is being asked what are the top 3 best areas that you see in your in your top there is is building the operational stability of the company’s executive l responded that one of the areas where to put 2021 dancing are you are operational security journey also friends would be seeing this that majority of the organisation which In The Assassination of variable by the hockey security the organisations which are now deploying reactive based mechanisms are slowly moving into the face 56 which is more or not as more on having dedicated solution for 75% of those organisations today in the market. Are they expanding their risk management approach, expanding their OT and IoT cybersecurity real-time detection and medications printing plate fixation actually reduce their who were introduced the time that can actually have their analysts focus on their daily business problems rather than it security incidents of mitigating the security. Operational Technology Ooty market security market is going to grow at home in explanation greatest 33.7 535 $50 in 25 minutes. The organisations are heavily investing in Tera catered, OT and IoT security solutions and not rely on their existing security defence mechanisms that their threat intelligence security is something that is a new area of these are the ones which are driving the internet works over to see there is an adversary exploiting an existing vulnerability. What is the time? What are the mitigation and cloud function that I have in place of view of this and making an informed decisions when building your security strategy for your IT infrastructure for use against polio disease Network and then creating and integration methodology. Well, you can still use existing security incident management system source system to basically orchestrate that how that resonates with your existing security operation centre and not trivial solution. I can rely on a true intelligence that is actually helping me to address them. If you are going to take them or where I don’t have a to remediate them is one of the key things that we are going to sew a thing. Today current time Namak we will see about motor is coming along are there will be more such regulations more such standards like you right side of it has a cybersecurity v1.1 that clearly outlined what are the different controls that our industry leaders meet to adhere to 42 card networks and take it anymore. So that’s something that we all need to be aware of shareholders have a nice view on your internal structure with this would help reduce the town X reduce the is a very interesting to observe in the sea wind or not. There is still constitutionality connecting. The availability is the biggest it is we cannot afford an types we cannot for production for 12 to have a brand reputation so that I think I think this is a clear trend that we should keep your eyes open and what we need to do in the cybersecurity space today and popped open.

Audio Transcript The latest bill is going through, the government is a bipartisan bill, which means it has support on both sides of the house, which means more than likely it’ll pass and one way or another. It’s the Cyber incident reporting for the critical infrastructure act of 2021. It’s a mouthful, but a lot of individuals, most critical infrastructure companies, are looking at this with a fine-tooth comb because it’s going to create a new incident Review Office. This is underneath the Department of Homeland Security. But what is actually going to do is require critical infrastructure owners and operators to report cyber, what they were crossed by as major cyber incidents to their office. Now what exactly major cyber incidents’ classification is that still in flux, but what it’s going to do is create a Time, find Timeline period for which all incidents have to be reported right now. It’s being discussed. That this is a 72-hour window. There were conversations of a previous Bill coming through a 24. Right now, there are also no talks of any associated penalties, but that’s still on the table. Again. This is a bill, it’s not signed into law yet. Let’s, there’s a lot of these parts that are still in flux, but part of the notification of compliance to the agency. You have to identify the tactics, techniques, and procedures to be shared in the greater intelligence community. So they can do some recon to figure out some type of commonalities of major cyber events, as well as help mitigate future events to the office. One of the cool things that the new agency would be doing is actually publishing quarterly reports based on their observations and future recommendations are. But what I see is one of those most alarming points to this, is that the broad definition of critical infrastructure spans over 16 sectors and that’s still an open Point. As I mentioned to you, that the associated Point, there’s going to be penalties for failure to report and what the classification for the major incident is, but the third thing there is, what is classified, as critical infrastructure expands chemical manufacturing Commercial Energy. You can see on the slide there, Financial dams Transportation. Some make sense to water. And what do you classify as critical and The structure and manufacturing site? It’s a pretty broad definition by Nature. So we’re really interested in a lot of companies are very interested to see how that’s going to play out, how it’s going to impact them. One of the most important things that we recommend to our clients and our customers is to start to think about some of these points. Obviously going to identify those tactics techniques and procedures that seem to be a commonality of what needs to happen as well as sharing in almost real-time. When something transpires, there’s an attack that’s happened. So starting to plan that has real-time threat detection. Your OT and IoT networks. Seeing of course, if you’re contained within the critical infrastructure domain, but also start to get a firmer understanding of what’s out there and what your risk exposures are because this is coming hard and fast, but there is no definite timeline of when critical infrastructure and these have, to be compliant that’s still in flux too. But this is something we all want to take an open eye and look at.