Nothing in cybersecurity stays still for long
2022 intensified the digital transformation in OT (technology that interfaces with the physical world) and Industrial Control Systems (ICS) environments even further. Partially driven by the pandemic aftermath and the need for more efficient and resilient supply chains, this has resulted in greater cloud data aggregation – which is not the typical environment for OT and ICS. The pressure of these trends, combined with staffing challenges and developments in overall world security, is likely to persist and cause further disruption in the year to come.
The old and the new
The need for data analysis has led to legacy OT systems being connected to IT systems, exposing new security risks. Most industrial installations require specialized knowledge and staff, so they’re managed by the manufacturer, with some using manual or remote access methods. Devices with increased remote operations are exposing new entry points to attackers and criminal activity.
New IoT programs have added direct enterprise network connections, making real-time security enforcement crucial. Organizations need a security solution covering connected devices across industrial, IT, and cloud environments. Thankfully, continuous monitoring and Zero Trust can fill the security gaps left by the changing system interconnectivity, and careful monitoring, insight, and actionable alerts can help mitigate further risk by default.
A natural evolution
Digital transformation is powered by cloud and SaaS technology and is fueling the change in the landscape. Due to complexity, industrial environments have been slow to adopt new technology, but COVID-19 has made on-site management difficult. Vendors now offer different cloud options like private, public, or hybrid. New competition is arising from digital native players, so companies must strategically integrate legacy systems with new technology to stay competitive.
Skills and staffing
The use of Managed Security Service Providers (MSSPs) is becoming prevalent due to the shortage of cybersecurity talent and the challenge of OT security expertise. With 64% of SOC analysts allegedly leaving their jobs in 2023 [InfoSecMag], companies will need to outsource even more of their security to external parties.
To efficiently integrate IT/OT, organizations and MSSPs will need to find technologies that maximize efficiency and that automate and streamline tasks to improve response times. In the future, behavior pattern detection and machine learning will play a big part in monitoring any changes to an organization’s IT/OT security vulnerability, offering constant security support and clear guidelines for immediate action upon any compromise.
More and more vulnerabilities
The number of published vulnerabilities is increasing as older systems are exposed to the Internet, and this is a big worry for IT/OT systems. In Q1 last year, over 8,050 new vulnerabilities were published [NVD Database], a 25% increase from the previous year. Effective asset vulnerability management requires a real-time, continuous evaluation of vulnerabilities and risk prioritization based on business criticality. Keeping devices safe will require continual program management of device and vulnerability lifecycles and quick evaluation of the business impact of new high-severity vulnerabilities.
Governments see trouble on the horizon
Terrifyingly, according to Gartner, Inc., by 2025, nation-state bad actors and cyber attackers will have successfully weaponized OT environments to harm humans.
The US government has taken steps to enhance its own cybersecurity posture. This includes executive orders to modernize the federal government’s digital infrastructure and substantial nationwide investments in a bipartisan infrastructure bill. The Cybersecurity and Infrastructure Security Agency’s (CISA) top priority is improving the security and resilience of OT and digital devices used in industrial processes (ICS), with ICS-CERT delivering a regular security bulletin on the matter. Recent events revealed advanced persistent threat (APT) actors have developed custom tools specifically to scan, compromise, and control ICS and supervisory control and data acquisition (SCADA) devices.
The European Union Agency for Cyber Security, ENISA, performs a similar role on the European continent. Organizations eventually recognize that converged OT/IT/IIoT security demands proactive risk management. Governments are intensifying their efforts to reduce risks, making now a crucial time for platform investments that secure and drive businesses.
Meeting the problem together
Technology investments should aim to be complete, continuous, intelligent, and automated to meet the demands of OT connectivity, the shortage of skilled OT SOC analysts, and the fast-evolving attack landscape. They should provide full asset visibility across the enterprise’s entire attack surface, real-time awareness of asset connections and behaviors, the ability to prioritize vulnerabilities and incidents, and faster threat and operational event response through automation.
The choices for security and risk management leaders have grown as new vendors emerge, but we at TrueFort are proud to be partnering with the team at Armis in creating the complete solution to give security leaders a clear understanding of their current IT/OT posture. As experts in our respective fields, we are better together. Our solution sets us apart as the leaders in protecting, detecting, monitoring, and repairing the IT/OT landscape – meaning our customers can take immediate and clear action should any breach arise and feel safe in the knowledge that they have two industry experts guarding their backs.
Together, TrueFort and Armis now offer a unique platform for asset and business intelligence, specifically designed to tackle the security challenges posed by the growing number of connected devices, sensors, and applications – the first of its kind in the industry.