Built-in vulnerabilities with OT assets (and how to protect them)
By Willi Nelson, Fortinet field CISO for OT
The transition from air-gapped environments to the interconnected world has had an unintended consequence: operational technology (OT) products are now more frequently targeted for cyberattack and exhibit higher risk.
Researchers from FortiGuard Labs recently took a deeper look at data gathered from billions of events worldwide to get a better picture of what’s happening in this space, and learn more about what organizations can do to combat rising threats.
Vulnerabilities on the rise
As attackers continue to focus on the expanding attack surface, the digital convergence of OT and IT remains a crucial attack vector. In another recent report produced with Smart Industry, Smart OT Cybersecurity: From C-Suite to Strategy, nearly 60% of respondents revealed that their organization had suffered at least one breach during the past 12 months, with 10% experiencing four or more.
OT products are highly targeted. When examining OT vulnerability trends specifically, in-the-wild exploits were observed across a wide range of devices and platforms, highlighting the cybersecurity realities of growing IT and OT convergence and the disruptive objectives of attackers. For example, 24 zero-days were found and reported by researchers in one vendor's products in May of this year, and that vendor was hardly alone. No vendor seems to be immune. OT:ICEFALL, reported earlier this year, had already documented 56 vulnerabilities affecting OT devices from 10 different vendors.
Many OT devices are considered insecure by design. They are built on the expectation that they will operate on secure or private (air-gapped) networks where trusted access is enabled by default. Because their objective is to improve the system's efficiency, designers frequently rely on this assumption when launching new hardware or software, so the design process focuses on function and leaves security out. There are far too many examples of these built-in vulnerabilities being used to launch actual attacks. That is why it is crucial to keep OT security in mind at all times.
What OT organizations need to do to stay secure
Assessments: Organizations can use services like a digital risk protection service (DRPS) to conduct external surface threat assessments, find and remediate security issues, and help gain contextual insights on current and imminent threats.
Endpoint security: Make sure you have solutions to help secure your endpoints, from vulnerability and patching to anti-exploit technologies. This can help address your need to detect and protect against zero-day vulnerability attacks.
Training & patching: Get regular cybersecurity training to learn and then reinforce that learning. Stay current on threat information to help you prioritize the patches needed to secure your environment.
Centralized data, analysis and response: Catching the most sophisticated attacks means finding a needle in a haystack, which is to say that security is a big data challenge. The key to thwarting these attacks is collecting and correlating data from the network, cloud and endpoint.
Zero-trust network access: One of the most effective things you can do to limit the scope of a breach is to control access to applications, devices and networks more precisely.
Machine learning-based security technology adoption: Machine learning (ML) is a game changer for all industries, including cybersecurity. ML has been woven into many products, including endpoint, cloud and network-based solutions, allowing users to better capture the rapid changes in the threat landscape and triage and prioritize security incidents.
OT security as a priority
OT environments are compelling targets for attackers seeking any inroad into the IT/OT convergence and the growing attack surface it represents. As OT threats increase in number and sophistication, organizations can fight back with a comprehensive security strategy that includes OT from the outset rather than after the fact.