What you need to know about operational technology risks and how to stay secure.
Cyberthreats have become increasingly sophisticated over the past decade, with Asia-Pacific being the most attacked region in the world. In 2022, the region saw the highest number of incidents at 31%, according to an IBM report. Of that, the manufacturing industry topped the list, contributing to close to half of all cybercrime cases. In the past, managing cybersecurity was seen as the role of software engineers. However, the evolution of technology has made cybersecurity everyone’s responsibility.
Particularly in industrial automation, the convergence of IT and operational technology (OT) has resulted in a new digital ecosystem. The Internet of Things (IoT) and big data analytics have played a key part in productivity and efficiency in the last decade, improving business processes and providing insights that were not visible before.
While technology has transformed industries, it can be damaging if not kept secure. A few incidents in particular marked key moments in history where the impact of cybercrime went beyond businesses’ bottom line. One example is the attack on a Saudi Arabian oil company by Triton, malware that was deployed into an OT environment to change the parameters and disable the safety system of an oil refinery, causing significant operational impact. Other recent OT-targeted cyberattacks in the region include a car manufacturer that experienced a data breach, leaving customer details unknowingly exposed to third parties for up to five years. The New Zealand government was not spared either: in late 2022, access to its data and systems was compromised, revealing citizens’ health data.
Such incidents shouldn’t be surprising, as Gartner has already predicted that cyber attackers will have weaponized OT to successfully harm or even kill humans. Furthermore, 75% of CEOs will be held liable for cyber-physical security incidents by 2024. Indeed, cybercrime in OT can be detrimental for an organization, and it is no longer limited to the financial accounts of a company. People’s lives are at stake and organizations need to start taking a stand for their employees in a responsible manner.
Managing security challenges for industrial networks
IT deals with everything to do with information, while OT is the technology behind machines. OT spans supervisory control and data acquisition (SCADA) systems, programmable logic controllers (PLCs), human-machine interfaces (HMIs) and other specialized applications that play a role in monitoring, controlling, and automating processes, as well as in the manufacturing line across industries. OT requires reliability and integrity of a system and focuses on real-time information, where uptime is crucial. As such, creating a secure digital environment requires both IT and OT teams to work together.
For many enterprise networks, there are a few areas in the OT architecture that can become security loopholes.
Furthermore, cybersecurity breaches can be a very costly affair. Organizations that do not invest in cybersecurity may end up losing millions of dollars, not to mention exposing their employees to potential danger. By 2025, it is estimated that the cost of cybercrime will reach $10.5 trillion globally, according to the 2022 Official Cybercrime Report by Cybersecurity Ventures.
Securing OT systems for the long run
Most organizations are not prepared, and the results can be catastrophic.
Instead of risking the possibility of cyberattacks, organizations should take the proactive step to mitigate any potential attacks. They must adopt a holistic and proactive approach by leveraging a practical and reliable framework that works for OT. A widely adopted go-to model is the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond and Recover. A framework helps with standard practices and with effective communication: with leadership when justifying ROI, internally across the organization, and with external stakeholders such as regulatory bodies.
The next important thing is to drive asset visibility. If we do not know what we have, we will not be able to protect it adequately. Knowing your assets and identifying their vulnerabilities can help you understand your current state, prioritize actions based on the criticality of each asset, and develop a roadmap for a defensible architecture.
Particularly in today’s business environment, where remote work and remote access to systems have become the norm, keeping an airtight security network is more important than ever. Not only do employees need access to IT networks, but their access to OT and other cyber-physical systems is integrated into their mobile devices, which means having an added layer of security is imperative.
Of course, ensuring that employees are kept up to date with the latest in technology through regular training and education is just as important.
Building long-term partnerships with cybersecurity experts
Cyberthreats are everywhere, and there’s no better way to stay in the know than by partnering with experts in the field. Engage regularly with industry peers to share best practices and stay informed about emerging threats.
One of the ways organizations can safeguard and enhance their security posture is by collaborating with security specialists like Rockwell Automation and Claroty, our Technology Partner.
With Rockwell Automation’s 100+ years of industrial experience, OT knowledge and capabilities, and an approach based on standards like NIST, together with Claroty’s OT visibility, threat detection and secure remote access platform, we have know-how and experience that span industries. As specialists in industrial control systems security, Claroty’s deep packet inspection capabilities and full-spectrum visibility can help organizations run a thorough check for any loopholes and challenge traditional security approaches.
When it comes to cybercrime, prevention is always the better solution. Every second of delay is a second won for cybercriminals.
To find out more, contact our Industrial Cybersecurity Services team to discuss the next steps to take in delivering proactive threat detection and security protection across your enterprise. Additionally, find out how Claroty’s purpose-built solutions identify, protect, monitor, and optimize all your critical assets.