Organisations now face the extremely difficult task of protecting an expanded digital estate from increasing cyber threats. The cloud and a mobile workforce have extended the boundaries of that estate beyond the physical network. Your data, users and systems are everywhere; the COVID-19 period is a good example, as it set a precedent for embracing remote work across industries. This evolution of day-to-day operations has increased the risk of cybersecurity threats.
COVID-19 had a significant impact on industries. For example, restrictions on people working together effectively halted many operations and forced businesses to invest heavily in protective gear for their employees. Businesses also had to embrace technology in order to maintain productivity levels. Manufacturing, automotive, assembly and pharmaceutical industries have thus implemented technology aimed at increasing productivity while also ensuring safety. This technology is known as operational technology (OT). These industrial environments have traditionally been air-gapped, meaning they aren’t usually connected to the outside world through the internet, and as a result securing that technology hasn’t always been a top priority.
To add to that, 68 per cent of executives polled in a 2021 Ponemon Institute report stated that adding IoT and OT devices to their environments is critical to innovation and growth. According to the same survey, only 30 per cent of them have visibility of all the devices they currently own. With the adoption of IoT and OT to improve efficiency and productivity comes an associated technology security risk, which adversaries have been waiting to exploit.
At the intersection of IoT and OT, cracks in how industrial operators approach cyber security start to show. As IoT/OT devices become more integrated into business operations, they serve as entry points for malicious actors, allowing them to infiltrate entire networks. A good example of this is the Triton attack on a petrochemical facility, whose goal was potentially lethal: it was not intended simply to destroy data, but rather to sabotage the firm’s operations and cause an explosion.
In this case, the attackers gained access by stealing credentials for a remote corporate workstation and then proceeded into the chemical plant’s operational technology environment with the goal of disabling the safety controls and triggering an explosion.
In recent years, these attacks have evolved, with adversaries gaining access to cameras and Voice over Internet Protocol (VoIP) devices and disrupting operations in buildings that have adopted smart automation. Ransomware attacks have even been used to shut down global food processors. These cases clearly demonstrate the risk and importance of securing IoT and OT, and the need to be wary of the convergence of IT and OT.
So, what should CEOs or Chief Information Security Officers (CISOs) do to keep their organisations safe? First and foremost, always maintain visibility into your environment. As the information security maxim goes, “you can’t defend what you don’t know exists.” Investing in an endpoint solution that covers your IT environment, together with an OT security solution that performs inventory discovery, is critical for determining your current landscape. This also helps map the convergence between the two layers (IT and OT) and aids quick investigations whenever threats arise.
Second, the solutions you invest in will need vulnerability management capabilities on both the IT and OT layers. Identifying common vulnerabilities in your devices and staying up to date on recent threats and vulnerabilities allows for quick remediation to keep your environment safe. Simple flaws, such as unpatched devices, have had major ramifications in industries, and they can be identified early enough, before adversaries exploit them.
Third, make sure you have a unified view of your IT and OT environments. CISOs have invested in security information and event management (SIEM) solutions, which provide a consolidated view of security events from all areas, including the network, devices in the corporate environment, devices in the manufacturing plant, and so on. This perspective allows for a better investigation process and better action to mitigate threats if an issue arises.
Locally, where we have many industries, including manufacturing, assembly and food processing, the risk is real. Furthermore, with Nairobi regarded as the city of the future, having embraced smart buildings and other smart operations, technology adoption is well under way, and as a result some of the scenarios mentioned have the potential to affect us.
We live in exciting times, which highlights the value of gaining security visibility into OT environments. The lengths to which adversaries will go can negatively affect our organisations’ safety, intellectual property and even bottom lines. We must remain vigilant.
Article written by Sean Wasonga, Senior Product Manager, Cloud Security, Microsoft