As the holiday season looms closer, cyber threats such as IP theft, data leaks and theft, denial-of-service, malware and ransomware are expected to increase as cybercriminals look to catch businesses at their most vulnerable. The Christmas period in particular is often fruitful for threat actors hoping to find businesses off-guard. When it comes to protecting critical infrastructure, especially industrial control systems (ICS), operational technology (OT), manufacturing floors and supply chains, organizations will have to drastically ramp up their security defenses to avoid a costly breach.
More recently, the Internet of Things (IoT) has spawned the Industrial Internet of Things (IIoT), which deploys connected technologies to factories, logistical processes, manufacturing floors, supply chains and more. Because ICS environments rely on these sorts of devices and systems, they are especially at risk of being targeted. Why? Because these infrastructures are critical to human safety on an everyday basis, making them an extremely attractive target for threat actors. As such, it is critical for organizations to remain vigilant, even over the holiday period, and ensure they have the right security defenses in place to protect their data and users.
What threats are businesses facing over the Christmas period?
ICS environments use OT components that are connected to information technology (IT), and this connection creates a path for cyber actors to pivot between the two. Because critical infrastructure is vital to national security, any such path leaves these infrastructures incredibly vulnerable to breach and exploitation.
What’s more, many ICS networks still rely on legacy technology or hardware that is no longer compatible with modern security controls and access management systems. This reduces visibility across devices and makes them more susceptible to attempts to damage or disrupt their networks and systems. Add to this the rising threat of ransomware and insider threats, and businesses are struggling to adequately secure their devices and networks. Without sufficient security and preparation, businesses ultimately face costly downtime and critical service failures.
What happens if organizations are targeted and things go wrong?
Successful attacks against any critical national infrastructure can have devastating effects. We need look no further than the breach of the US Colonial Pipeline, which halted business operations for several hours, or the attack on People’s Energy during which an entire database of 270,000 customers was stolen.
The most high-profile attacks, however, were those on the Ukrainian power distribution company Kyivoblenergo in 2015 and on SolarWinds just last year. During the former, 250,000 customers lost power for several hours after threat actors gained access to the company’s computers and escalated their own privileges. The SolarWinds hack, on the other hand, was a supply chain attack against the Orion platform that resulted in malware being launched onto company systems. More worryingly, this attack also infiltrated customer networks, including government agencies such as the Department of Defense, the Department of Justice and the Department of Homeland Security. Disruption to business operations can be dire when it comes to critical national infrastructure, as people’s health and safety can be put at risk and entire supply chains can come to a halt.
How can organizations secure their critical systems?
The first step to protecting critical systems is preventing unauthorized access to the network and implementing defense-in-depth security controls for people, process and technology. This must be done by looking to authentication and authorization tools that enable organizations to verify users and their devices every time they attempt to gain access. In addition, organizations should implement real-time monitoring of their critical infrastructure systems, as this is crucial to detecting and preventing threats as they happen.
Organizations can follow this five-step security process:
- Define the network: With the constantly evolving attack surface and threat landscape, it is becoming increasingly difficult to protect networks and devices. Therefore, it is crucial to define the vulnerable attack surface, whether this involves the business’ most critical applications, data or services.
- Map network traffic: Organizations should map the flow of traffic that accesses their networks and document it to ensure complete visibility.
- Architect the network: Cybersecurity should be mapped to the organization’s needs. This should start with a firewall that allows the organization to segment its network, or one that provides a micro-perimeter around specific network traffic. This is an important part of creating additional layers of access control and enabling deeper network inspection.
- Create a security policy: This is vital for granting access to the correct people and devices. Businesses can define which users can access which resources, where those resources should be accessible from, and any additional enforcement needed to guarantee that only legitimate traffic passes through the network.
- Monitor and maintain the network: Lastly, organizations should ensure that their network is continuously monitored and logged. This gives them ongoing insight into network activity and enables them to block unauthorized users and devices that could pose a threat to business operations.
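The five steps above can be expressed as data and checked mechanically. The following is an added illustration, not code from the author or from Armis: the zone ranges, allow rules and flow-log lines are all constructed, and the approach is a simple default-deny IT/OT segmentation policy evaluated against observed traffic so that any flow crossing a segment boundary without a rule is flagged for the monitoring step.

```python
import ipaddress
from collections import namedtuple

# Step 1, define the network: name each segment by its address range (constructed values).
ZONES = {
    "corporate-it": ipaddress.ip_network("10.1.0.0/16"),
    "ot-dmz": ipaddress.ip_network("10.2.0.0/24"),
    "plant-ot": ipaddress.ip_network("10.3.0.0/24"),
}

# Steps 3 and 4, segment and write the policy: explicit allow rules (src_zone, dst_zone, proto,
# dst_port). Anything unlisted is denied, so corporate IT reaches the DMZ but never the plant floor.
ALLOWED = {
    ("corporate-it", "ot-dmz", "tcp", 443),  # historian web UI in the DMZ
    ("ot-dmz", "plant-ot", "tcp", 502),      # DMZ collector polls Modbus/TCP on the PLCs
    ("plant-ot", "plant-ot", "tcp", 502),    # controller-to-controller traffic stays inside OT
}

Flow = namedtuple("Flow", "src dst proto dport")

def zone_of(addr):
    """Return the zone containing addr, or 'unknown' for anything outside every defined zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"

def is_allowed(flow):
    """A flow is legitimate only if an explicit allow rule matches it (default deny)."""
    return (zone_of(flow.src), zone_of(flow.dst), flow.proto, flow.dport) in ALLOWED

def violations(log_lines):
    """Steps 2 and 5, map and monitor: parse 'src dst proto dport' flow records and
    return the ones that cross a segment boundary without a matching rule."""
    flagged = []
    for line in log_lines:
        src, dst, proto, dport = line.split()
        flow = Flow(src, dst, proto, int(dport))
        if not is_allowed(flow):
            flagged.append(flow)
    return flagged

# Constructed flow log: two permitted flows and two that a defender should investigate.
SAMPLE_LOG = [
    "10.1.20.5 10.2.0.10 tcp 443",    # IT workstation to DMZ historian: allowed
    "10.2.0.10 10.3.0.7 tcp 502",     # DMZ collector polling a PLC: allowed
    "10.1.20.5 10.3.0.7 tcp 502",     # IT host talking Modbus to a PLC directly: violation
    "203.0.113.9 10.2.0.10 tcp 22",   # address outside every defined zone: violation
]
```

Running `violations(SAMPLE_LOG)` returns only the last two flows; in practice the flow records would come from the firewall or network-monitoring logs gathered in step 2.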
Over the holiday season, all organizations should ensure that their security defenses are up and that they stay alert. Even while the rest of the world appears to be taking a break, threat actors will not be taking time off; they will treat the holiday as an opportunity to strike and expect to meet no resistance. It is therefore essential for organizations to have security defenses in place to prevent unauthorized access from compromising business operations while their attention is elsewhere – this is the only way to sufficiently protect the supply chain.
Sachin Shah, Chief Technology Officer for Operational Technology & ICS, Armis