Attacks against OT systems and critical infrastructure can have dire consequences for the lives and safety of both workers and consumers. For countless health and safety reasons, it’s vital to keep critical infrastructure running and secure. Despite this, the Fortinet 2021 State of Operational Technology and Cybersecurity survey found that 9 out of 10 OT organizations experienced at least one intrusion in the past year. The problem is that, because IT and OT networks are increasingly interconnected, almost any access point can serve as an entry point into the corporate infrastructure.

OT Environments Are Prime Targets for Ransomware

It is clear that attacks on OT infrastructure are not going to slow down. Among the OT organizations that participated in the survey, 58% reported phishing attacks, up from 43% the previous year. Insider breaches also rose, to 42% from 18% the previous year.

But that’s not all. The ransomware situation has worsened as well. According to a FortiGuard Labs Threat Research report, ransomware incidents increased nearly eleven-fold from 2020 to 2021. In OT, ransomware attacks aren’t just inconvenient and financially damaging; they can also be physically dangerous. And now that malicious cyber actors have carried out successful attacks on OT systems and critical infrastructure, they are scaling those attacks. Cybercriminals have figured out that the payout from a single successful campaign is only one source of profit: they can also profit from reselling the tactics, techniques, and tools behind it. They now offer their malware online as a service. In the past, only those with specialized knowledge had the skills to attack an OT system; today, all an enterprising attacker needs to do is buy an OT attack kit on the dark web.

Strategies to Secure Critical Infrastructure

The impact and consequence of attacks targeting OT platforms this year have been severe. Cybercriminals are determined and persistent, so staying ahead of threats demands a multifaceted approach. Clearly, OT organizations need to double down on implementing cybersecurity best practices.

Network visibility is a key component of any security strategy, but OT systems also require control and containment within the infrastructure to reduce the damage from an attack. Because of this, OT organizations should incorporate zero trust access (ZTA) into their security strategy. The zero trust network model ensures that an individual, application, or device has access only to the resources it needs to perform its specific role or function, and nothing more. ZTA strictly limits what each identity can reach and what it is allowed to do there. This way, if a role or access privilege is compromised, or behaviours are suspect, an attacker’s reach into the OT network is restricted. OT organizations should also invest proportionally in behavioural analysis so that suspicious behaviour is detected and neutralized quickly.
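The two controls described above, a default-deny access policy scoped to role and enrolled device, and a behavioural check that flags activity the policy alone would allow, can be sketched in a few dozen lines. The block below is an added example and is not code from the article or from any Fortinet product; the assets (plc-01, hmi-01, hist-01), roles, identities, baseline, and access-log events are all constructed for illustration.

```python
"""Default-deny access policy for an OT network plus a behavioural check
over access events. Added example with constructed data; the asset names,
roles, identities, baseline and events are hypothetical."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass

# Role -> set of (asset, operation) pairs. Anything not listed is denied.
POLICY = {
    "operator":    {("hmi-01", "read"), ("hmi-01", "write")},
    "engineer":    {("plc-01", "read"), ("plc-01", "write"),
                    ("plc-02", "read"), ("plc-02", "write")},
    "historian":   {("hist-01", "read")},
    "it-helpdesk": {("hist-01", "read")},   # IT staff get no PLC or HMI access
}

# Identity -> (role, set of device ids enrolled to present that identity).
IDENTITIES = {
    "alice": ("engineer", {"ews-01"}),
    "bob":   ("operator", {"hmi-console"}),
    "carol": ("it-helpdesk", {"laptop-07"}),
}

# Per-identity baseline of assets normally touched (constructed, as if
# learned during a quiet observation period).
BASELINE = {"alice": {"plc-01"}, "bob": {"hmi-01"}, "carol": {"hist-01"}}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    device: str
    asset: str
    operation: str
    ts: int   # seconds, constructed timestamps


def authorize(req: AccessRequest) -> tuple[bool, str]:
    """Zero-trust style decision: unknown identity, unenrolled device, or an
    (asset, operation) not granted to the role all yield a denial."""
    entry = IDENTITIES.get(req.user)
    if entry is None:
        return False, "unknown identity"
    role, devices = entry
    if req.device not in devices:
        return False, f"device {req.device} not enrolled for {req.user}"
    if (req.asset, req.operation) not in POLICY.get(role, set()):
        return False, f"role {role} not granted {req.operation} on {req.asset}"
    return True, "permitted"


def behavioural_alerts(events, baseline, window=300, max_denied=3):
    """Flag two things the policy check alone does not surface:
    1. a burst of denied requests from one identity (probing / lateral
       movement after credential theft);
    2. a permitted write to an asset outside that identity's baseline
       (valid role, unusual target)."""
    alerts = []
    denied = defaultdict(list)   # user -> timestamps of recent denials
    for ev in sorted(events, key=lambda e: e.ts):
        ok, _reason = authorize(ev)
        if not ok:
            denied[ev.user] = [t for t in denied[ev.user] if ev.ts - t <= window]
            denied[ev.user].append(ev.ts)
            if len(denied[ev.user]) >= max_denied:
                alerts.append((ev.ts, ev.user,
                               f"{len(denied[ev.user])} denied requests within {window}s"))
                denied[ev.user].clear()
            continue
        if ev.operation == "write" and ev.asset not in baseline.get(ev.user, set()):
            alerts.append((ev.ts, ev.user, f"permitted write to {ev.asset} outside baseline"))
    return alerts


# Constructed access log: a helpdesk account probing OT assets, an engineer
# identity presented from an unenrolled laptop, then an unusual PLC write.
SAMPLE_EVENTS = [
    AccessRequest("alice", "ews-01", "plc-01", "read", 0),
    AccessRequest("bob", "hmi-console", "hmi-01", "write", 10),
    AccessRequest("carol", "laptop-07", "plc-01", "read", 20),
    AccessRequest("carol", "laptop-07", "plc-02", "read", 25),
    AccessRequest("carol", "laptop-07", "hmi-01", "read", 30),
    AccessRequest("alice", "laptop-07", "plc-01", "write", 40),
    AccessRequest("alice", "ews-01", "plc-02", "write", 50),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.ts, ev.user, ev.asset, ev.operation, authorize(ev))
    for ts, user, msg in behavioural_alerts(SAMPLE_EVENTS, BASELINE):
        print(f"ALERT t={ts} user={user}: {msg}")
```

Running the block shows carol's three denials collapsing into one alert and alice's write to plc-02 being flagged even though her role permits it; in practice the baseline would come from observed traffic and the policy from the asset inventory rather than from literals.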

The Challenges Ahead Demand a Platform Approach

The dynamic security landscape and the threats that come with IT and OT convergence are creating new problems for OT organizations. To effectively secure critical infrastructure, CISOs need solutions that span their entire IT and OT network environments and meet the needs of both sides of the organization.

Further, to gain complete enterprise visibility and control, OT organizations must deploy cohesive solutions across their converging IT and OT networks. A platform approach is essential for OT organizations because their security considerations extend beyond the on-premises system: they must also cover the operating system and the network infrastructure, and take into account the growing dependence on Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices.

A security fabric approach goes beyond traditional security models. Instead of adopting point solutions that can leave security gaps, a security fabric approach uses open standards and protocols to integrate all security activities into a single platform. OT organizations should put in place a proactive cybersecurity strategy based on a cybersecurity mesh architecture, using security solutions designed to work together, with a focus on visibility, control, and behaviour analysis. To safeguard critical OT systems, every point of connection to the outside world must be protected.

OT organizations that put comprehensive security policies in place give themselves an advantage over threat actors and can limit the impact of a breach. OT infrastructure no longer benefits from obscurity, and the near-universal convergence of IT and OT networks means that traditionally isolated environments are no longer safe. Organizations must take proactive steps to harden OT environments, including integrating tools and practices designed to protect, detect, and respond to threats in real time. Although attacks are inevitable, they don’t have to be successful. After all, cybercriminals certainly aren’t going to let up in 2022, and neither should you.
