Modern Strategies to Combat Cyberattacks on Operational Technology

essidsolutions

While last year saw a substantial increase in new vulnerabilities across the board, one category in particular witnessed dramatic growth. Justin Berman, the technical director of Skybox Security, shares upgraded tools and strategies to help organizations running operational technology defend against cyberattacks more effectively.

Threat intelligence researchers from Skybox Security observed an 88% increase in operational technology (OT) vulnerabilities, nearly doubling from 2020. While this is partly because researchers are now actively identifying OT vulnerabilities, it also means that threat actors are working to exploit these sensitive, mission-critical assets. How can enterprises improve their security posture and guard against persistent, intelligent threats? How can a culture of proactive, data-driven security be fostered to shield exposed vulnerabilities?

Already in 2022, several government agencies are warning of malware nicknamed “Pipedream” designed to manipulate and disrupt industrial processes by hacking industrial control systems (ICS). This warning comes on the heels of monumental attacks in 2021, including:

  • The Colonial Pipeline attack resulted in the largest pipeline in the U.S. going offline for days.
  • An attack on the largest meat processing company, JBS, took down operations at several meatpacking plants.
  • A hack on a Florida water treatment facility aimed at poisoning water supplies.

In all of these cases and many other OT security incidents, adversaries gained initial access through compromised assets and then moved laterally to reach sensitive OT assets. Proper network segmentation would have blocked that lateral movement. It is therefore crucial to shield your OT environment with special care, particularly when assets are dispersed, devices are diverse and threat actors are constantly evolving their attack techniques.

Organizations With OT Environments Underestimate Risk of Attack

Just as evil thrives on apathy, hackers will continue to exploit OT vulnerabilities as long as inaction persists. In a 2021 survey of OT security leaders, 56% of all respondents were highly confident that their organization would not experience an OT breach in the next year, yet 83% said they had experienced at least one OT security breach in the prior 36 months.

For years, security experts have warned of increasing vulnerabilities threatening critical infrastructure. In the past, these systems were air-gapped or connected only to isolated internal networks, making them inaccessible to external threats. Today, many OT systems are connected to more extensive IT networks and to the internet itself. Much of this networking was accelerated by the need for remote management during the pandemic and took place with limited security oversight or consideration. With hybrid workplaces on the rise, more vulnerabilities emerge. Going “deskless” often comes with the added concern of a wider network and attack surface: a more spread-out operational estate that demands greater care in protecting every possible point of attack.

As OT and IT networks continue to converge, threat actors are ramping up efforts to exploit vulnerabilities in one environment to reach assets in the other. Malware is increasingly being designed to exploit both IT and OT environments. Many OT attacks begin with an IT breach, followed by lateral movement to access OT assets. Threat actors also use OT systems as the first step into IT networks, where they can exfiltrate data, launch ransomware attacks and conduct other exploits. IT teams need to become far more mindful of OT assets. Once attackers have access, the enterprise ship has already been surrendered, and all data is suddenly at risk.

Exposure Risk Hides in the Labyrinth That Connects IT and OT

Many OT systems are hard or impossible to scan. As a result, many security engineers feel helpless because they cannot see across their OT infrastructure. Without shared visibility across IT and OT networks, everyone ends up flying blind in the dark, struggling to prevent and predict cyberattacks.

OT security stakeholders can leverage non-intrusive methods for OT vulnerability discovery and remediation to illuminate a new path forward. By correlating asset information from configuration management database (CMDB) parsers and patch management repositories with threat intelligence, it is possible to discover vulnerabilities on assets that cannot be scanned.
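The correlation described above, as an added example that is not the article's or Skybox Security's code: a CMDB export, a patch-management export and a threat-intel feed are joined to find vulnerable OT assets without ever sending a packet to them. All asset records, patch ids, product names and advisory ids below are constructed sample data, not real identifiers; the patch agent's reported version is trusted over the CMDB's where both exist, since CMDB entries are commonly stale.

```python
"""Added example (not from the article or Skybox Security): passive discovery of
vulnerable, non-scannable OT assets by joining CMDB, patch-repository and
threat-intel records. All data below is constructed sample data."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '3.10.2' into (3, 10, 2) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Asset:                 # one CMDB record
    asset_id: str
    name: str
    zone: str                # e.g. "plant-floor", "dmz", "corp-it"
    vendor: str
    product: str
    version: str             # version as recorded in the CMDB (may be stale)
    scannable: bool          # False for fragile controllers that must not be probed


@dataclass
class PatchRecord:           # one patch-management record for an asset
    asset_id: str
    reported_version: str    # version the patch agent last reported
    applied_patches: List[str] = field(default_factory=list)


@dataclass
class Advisory:              # one threat-intel entry (ids are placeholders)
    advisory_id: str
    vendor: str
    product: str
    fixed_in: str            # first version that is not affected
    fix_patch: Optional[str] # patch id that closes the issue, if one exists
    exploited_in_wild: bool


@dataclass
class Finding:
    asset_id: str
    advisory_id: str
    effective_version: str
    discovered_without_scan: bool
    exploited_in_wild: bool


def correlate(assets: List[Asset], patches: List[PatchRecord],
              advisories: List[Advisory]) -> List[Finding]:
    """Join the three sources; a finding is an asset running an affected version
    that has not received the fixing patch."""
    patch_by_asset: Dict[str, PatchRecord] = {p.asset_id: p for p in patches}
    findings: List[Finding] = []
    for a in assets:
        rec = patch_by_asset.get(a.asset_id)
        # Prefer the patch agent's view of the version; fall back to the CMDB.
        version = rec.reported_version if rec else a.version
        applied = set(rec.applied_patches) if rec else set()
        for adv in advisories:
            if (adv.vendor, adv.product) != (a.vendor, a.product):
                continue
            if parse_version(version) >= parse_version(adv.fixed_in):
                continue
            if adv.fix_patch and adv.fix_patch in applied:
                continue
            findings.append(Finding(a.asset_id, adv.advisory_id, version,
                                    not a.scannable, adv.exploited_in_wild))
    # Actively exploited issues first, then assets no scanner would ever have seen.
    findings.sort(key=lambda f: (not f.exploited_in_wild,
                                 not f.discovered_without_scan, f.asset_id))
    return findings


# Constructed sample inputs (vendor, products, patch ids and advisory ids are placeholders).
ASSETS = [
    Asset("A1", "plc-line-3", "plant-floor", "ExampleVendor", "ExamplePLC", "2.4.0", scannable=False),
    Asset("A2", "hmi-line-3", "plant-floor", "ExampleVendor", "ExampleHMI", "5.1.0", scannable=False),
    Asset("A3", "historian-01", "dmz", "ExampleVendor", "ExampleHistorian", "7.2.0", scannable=True),
    Asset("A4", "eng-workstation", "corp-it", "ExampleVendor", "ExampleHMI", "5.1.0", scannable=True),
]
PATCHES = [
    PatchRecord("A3", "7.2.0", ["HF-7201"]),   # hotfix applied, version string unchanged
    PatchRecord("A4", "5.3.0", []),            # agent shows an upgrade the CMDB missed
]
ADVISORIES = [
    Advisory("ADV-0001", "ExampleVendor", "ExamplePLC", "2.5.0", None, exploited_in_wild=True),
    Advisory("ADV-0002", "ExampleVendor", "ExampleHMI", "5.2.0", "HF-5200", exploited_in_wild=False),
    Advisory("ADV-0003", "ExampleVendor", "ExampleHistorian", "7.3.0", "HF-7201", exploited_in_wild=False),
]

if __name__ == "__main__":
    for f in correlate(ASSETS, PATCHES, ADVISORIES):
        print(f)
```

On the sample data only the two plant-floor devices surface: the historian is covered by its hotfix and the engineering workstation was already upgraded according to the patch agent, even though the CMDB still lists the old version. Both findings are on assets marked non-scannable, which is exactly the blind spot the correlation is meant to close.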


Mitigate IT/OT Risk With Options That Go Beyond Patching

To execute a truly data-driven approach to proactive cybersecurity, it is critical to remember that exposed vulnerabilities are the root cause of breaches. In reality, the “patch everything” strategy is a monumental waste of effort because only a small percentage of your assets are actually exposed to a cyberattack. Security teams need to look beyond the patch approach and find ways that are far more proactive, data-forward and OT-centric.

Once exposed vulnerabilities are identified and prioritized, the next step is to choose the option that remediates the risk most effectively. Remediation choices that go beyond patching matter because OT environments cannot tolerate downtime. Such options include:

  • Applying IPS signatures.
  • Modifying access rules.
  • Making network segmentation adjustments to block attack paths.
  • Optimizing firewall policies. 
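The exposure-based prioritization described above and two of the listed non-patch remediations (a segmentation adjustment and an IPS signature), as an added example that is not the article's or Skybox Security's code. It models a first-match firewall rule base between network zones and asks which vulnerable services an attacker holding an IT foothold can actually reach, including by pivoting through an intermediate zone, which is the lateral-movement path discussed earlier in the article. Zones, rules, services, ports and vulnerability ids are constructed sample data.

```python
"""Added example (not from the article or Skybox Security): decide which vulnerable
OT services are exposed to an attacker with an IT foothold, then apply two
non-patch remediations and recompute. All zones, rules and ids are constructed."""
from dataclasses import dataclass, replace
from typing import List, Optional, Set, Tuple

ANY = "*"        # wildcard zone
ANY_PORT = 0     # wildcard port


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    port: int
    action: str          # "allow" or "deny"
    ips: bool = False    # traffic matching this rule is inspected by an IPS


@dataclass(frozen=True)
class Service:
    asset: str
    zone: str
    port: int
    vuln_id: Optional[str]   # None means no known vulnerability on this service


def first_match(rules: List[Rule], src: str, dst: str, port: int) -> Optional[Rule]:
    """First-match evaluation, the way a firewall walks its ordered rule base."""
    for r in rules:
        if r.src in (ANY, src) and r.dst in (ANY, dst) and r.port in (ANY_PORT, port):
            return r
    return None


def exposed_services(rules: List[Rule], services: List[Service], foothold: str,
                     ips_signatures: Set[str]) -> Set[Tuple[str, str]]:
    """Fixpoint over zones: a vulnerable service reachable from a compromised zone
    is exposed, and its zone then becomes a new pivot point for the attacker."""
    compromised = {foothold}
    exposed: Set[Tuple[str, str]] = set()
    changed = True
    while changed:
        changed = False
        for src in list(compromised):
            for s in services:
                if s.vuln_id is None or (s.asset, s.vuln_id) in exposed:
                    continue
                r = first_match(rules, src, s.zone, s.port)
                if r is None or r.action != "allow":
                    continue
                if r.ips and s.vuln_id in ips_signatures:
                    continue      # the IPS signature blocks this exploit on this path
                exposed.add((s.asset, s.vuln_id))
                compromised.add(s.zone)
                changed = True
    return exposed


def block_path(rules: List[Rule], src: str, dst: str, port: int) -> List[Rule]:
    """Segmentation adjustment: shadow a path with an explicit deny at the top."""
    return [Rule(src, dst, port, "deny")] + list(rules)


def enable_ips(rules: List[Rule], src: str, dst: str, port: int) -> List[Rule]:
    """Turn on IPS inspection for the one allow rule that matches exactly."""
    return [replace(r, ips=True) if (r.src, r.dst, r.port) == (src, dst, port) else r
            for r in rules]


# Constructed sample rule base and inventory.
RULES = [
    Rule("corp-it", "dmz", 3389, "allow"),          # remote access to a jump host
    Rule("dmz", "plant-floor", 502, "allow"),       # Modbus from the DMZ to the PLCs
    Rule("corp-it", "plant-floor", 502, "allow"),   # over-broad rule added for remote work
    Rule(ANY, ANY, ANY_PORT, "deny"),               # default deny
]
SERVICES = [
    Service("jump-host", "dmz", 3389, "VULN-RDP-1"),
    Service("plc-line-3", "plant-floor", 502, "VULN-MODBUS-1"),
    Service("hmi-line-3", "plant-floor", 3389, "VULN-RDP-1"),  # vulnerable but unreachable
    Service("historian", "dmz", 1433, None),
]

if __name__ == "__main__":
    print("as-is:      ", exposed_services(RULES, SERVICES, "corp-it", set()))
    segmented = block_path(RULES, "corp-it", "plant-floor", 502)
    print("segmented:  ", exposed_services(segmented, SERVICES, "corp-it", set()))
    hardened = enable_ips(segmented, "corp-it", "dmz", 3389)
    print("with IPS:   ", exposed_services(hardened, SERVICES, "corp-it", {"VULN-RDP-1"}))
```

Three things the run shows that a vulnerability list alone does not: the HMI carries the same flaw as the jump host but is never exposed, so it belongs at the bottom of the queue; removing the over-broad corp-it to plant-floor rule alone does not protect the PLC, because the attacker can still pivot through the jump host in the DMZ; and covering the jump host's flaw with an IPS signature on the remaining allow rule breaks that pivot and empties the exposed set without patching a single device.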

Cybersecurity Is a Choice

When asked in another Skybox Security study what barriers they face to making security program improvements, 40% of security stakeholders said OT is an afterthought to other digital initiatives. OT security is a minimum of 10 years behind IT security, with many organizations only now considering centralizing and managing firewalls. Although this is a move in the right direction, it is still worrisome. Threat actors are planning smarter attacks as we speak, and their obvious aim is to target the operational vulnerabilities that affect the most spread-out systems.

If the events so far tell us anything about cybersecurity, it is that you cannot win using yesterday’s tools. Upgrading mindfully is a choice enterprises must make. The cost of outdated protection is just too high to bear and recover from. Record-breaking new vulnerabilities, rising OT security risks, and the ever-expanding attack surface demand a new approach to vulnerability management. With these modern vulnerability management strategies, you can flip the script from firefighting to prevention. Now is the time to advance beyond scattershot, short-term fixes to comprehensive risk scoring for targeted, continuous risk reduction.
