A guide for management teams approaching cybersecurity
Increased connectivity is a double-edged sword for business leaders. While it does create new opportunities and simplifies many processes for organisations, it also enhances the cyber-attack surface, making networks more vulnerable to a breach. The convergence between IT and OT has created the perfect opportunity for threat actors to exploit weaknesses in security gaps within IT to access OT environments. OT is now a crucial part of modern culture, making it imperative that organisations prioritise OT security, especially considering any unauthorised access could lead to physical damage or even harm.
IT encompasses everything an organisation stores on its networks, from the crown jewels to sensitive information and data. Organisations must protect these assets to maintain a business advantage and meet current regulatory compliance efforts. OT is comprised of everything that a company produces or manufactures and everything within the work environment that transports employees around and keeps them safe. This includes oil refinery machines, elevators, manufacturing devices and even critical infrastructure. While there is a significant difference between the two, their interconnectedness complicates overall cybersecurity for many organisations as business leaders continuously search for new security options.
As OT devices are connected to IT networks, securing them grows increasingly challenging as OT teams typically lack the intricate resources and methods available to their IT counterparts. Consequently, threat actors can exploit IT network vulnerabilities, gaining a foothold in OT environments and moving laterally across devices.
OT devices and environments are a vital part of business continuity. Even a single disruption could lead to downtime and production loss. One need look no further than attacks such as WannaCry on the NHS (National Health Service), which led to the disruption of 34% of trusts throughout England; the ransomware attack on JBS Food that temporarily shut down food production in the US; and the attack on Colonial Pipeline, which led to fuel shortages across the country. These are but a few examples of the damage an attack on OT infrastructure can have.
In addition to dealing with monetary loss, business leaders face damaging their corporate reputation and, consequently, a loss in customers. As OT security now relies on IT security, organisations must ensure the same level of protection exists across both infrastructures to avoid a costly breach.
IT and OT teams and upper management should ask themselves the following questions:
IT and OT assets make up the largest attack surface, down to the lack of visibility. While many organisations have a profile of their IT assets, this ability does not extend to OT. Primarily because of time and cost constraints. Asset discovery could help solve this problem. Although organisations need to do more to keep up with attackers and their evolving techniques. They must track their IT and OT assets along with their characteristics to identify any abnormal behaviour.
By monitoring and logging activity, organisations can proactively analyse traffic and devices on their networks, identifying potential malicious behaviour before evolving into full-blown threats. As such, organisations should implement monitoring around the clock and manage detection and response (MDR), enabling them to analyse threats and respond accordingly quickly. Conducting a maturity assessment would complement this approach, enriching security logs either in real-time or during threat-hunting through passive and active scans.
In addition, organisations may choose to use Managed Security Providers (MSPs) to help their IT and OT departments identify vulnerabilities and prioritise their risk factors. This approach allows for issues to be patched as they arise and ensures business continuity. Using an MSSP also frees up time for internal teams to gain detailed insight into their IT and OT controls. It also allows them to better prepare for emerging threats.
Ultimately, securing both with management visibility. As they are no longer siloed, any security solutions and methods must span both infrastructures, covering all weaknesses. Cybercriminals will exploit any vulnerability they encounter, using it to move laterally. Therefore, comprehensive insight into network activity is essential for identifying and securing against threats. Attacks on OT infrastructure can lead to significant disruptions or even harm human life, making their security especially important. Cybersecurity is no longer an additional add-on but a managerial imperative.
