by Carlos Rodrigues, Vice President, Varonis
In recent months, the cybersecurity of industrial organizations has been under the spotlight following the release of several studies revealing vulnerabilities that pose a threat. The studies, conducted by Forescout, highlighted that as industrial organizations digitize their environments they also become more susceptible to cyber attacks.
The first research highlighted how attackers can now hold industrial networks, critical operating technology (OT) and Internet of Things (IoT) devices hostage through ransomware. Ransomware attacks have been growing in severity and frequency in recent years, and while most have focused on capturing data to disrupt an organization’s operations, security experts recognized that it was only a matter of time before attacks evolved and became more physical. The bad news is that this next frontier of cyber attacks is already among us.
Today, attackers can target an industrial organization through its corporate IT and then move laterally across the network, disabling security settings until they reach IoT and OT devices. From there, they can target the software behind the devices with precise denial-of-service (DoS) attacks that basically take them offline, both virtually and physically. To put this in context, this could mean that plant machinery is brought to a standstill, physical doors (which are virtually controlled) are sealed off, or air conditioning units are rendered inoperative, for example.
Worryingly, these connected devices exist in many industries, including healthcare, so it is easy to see the direct impact this can have on society if they are hit by an attack. This makes these attacks attractive to both cybercrime groups and individual hackers. So what is the solution? First of all, connectivity is here to stay. The benefits it offers industrial organizations are endless, from improving plant security to reducing costs and increasing efficiency.
However, this does not mean that every device within an industrial plant needs to be connected to the web. The first step that organizations need to take is around discovery and analysis to understand which devices are connected to the Internet and whether they need to be. Often, devices are connected for no real reason. This needs to be addressed and any devices that do not need this additional connectivity should be disconnected.
For devices that require automation and Internet connectivity, industrial organizations must establish a way to reap the benefits of this modernization with security being routinely incorporated. The best way to achieve security is through visibility improvements. It is impossible to secure what you cannot see, so industrial organizations must ensure that all devices connected to their networks can be seen and secured. When internal resources to detect and mitigate threats do not exist or are limited, organizations can turn to vendor services.
Industrial cybersecurity is critical today because attackers have all the tools in their arsenal needed to carry out devastating attacks. However, by conducting assessments to understand threats, using automated tools to improve security, and bringing in assistance to help remediation, industrial organizations can stay one step ahead while keeping their critical networks and processes safe.
*** Translated with www.DeepL.com/Translator (free version) ***