There has been a notable rise in cyberattacks during 2020 and 2021, coinciding with the pandemic. The risk is heightened because critical infrastructure is being targeted, as in the ransomware attack against Colonial Pipeline and the attacks on food production capabilities such as JBS Foods and NEW Cooperative. According to Gartner, by 2025 attackers will be able to weaponize cyberattacks to actually kill or injure humans.
Such high-profile attacks against industrial systems have mostly targeted facilities in the United States, although they can hit anyone at any time. In some regions, many industrial facilities still run on legacy systems, which greatly increases their attack surface. Such legacy systems simply cannot keep up with the emerging cyber threats of today.
Some nations have already started updating their cybersecurity strategies to ensure the safety and security of citizens and critical infrastructure. For example, Singapore, which has set itself apart as a major financial and strategic center in the Asia Pacific region, has established an operational technology (OT) Cybersecurity Competency Framework, which aims to provide organizations with the guidelines, skill sets, and technical competencies needed to properly manage risks in such environments.
Visibility, monitoring, and convergence toward better security strategies
In the event of a security attack, organizations can only act on what they know, since it is difficult to assess risks and eventualities that are unknown. One consequence is that organizations may take extreme measures in the event of an attack. For example, an organization might shut down its IT assets or operations as a precaution in the face of such risk.
Given this situation, an organization is assumed to have adequate business continuity and disaster recovery plans to minimize losses, such as in the case of a system lockdown due to ransomware.
However, the lack of visibility into the systems that may be affected, as well as their dependencies, means that the organization has only a limited understanding of the extent of its exposure. This also limits its ability to make the proper decisions and act confidently in mitigating the impact of the attack.
Here are a few strategies that can enable organizations and enterprises to protect their networks and environments:
- Ensure deep visibility into one’s network. This requires a thorough and accurate view of network endpoints, structure, and connectivity paths. It provides a current inventory so that IT managers can ensure adequate patching, system verification, and compensating controls on legacy or unsupported systems.
- Assess data exposure. Given the importance of data in today’s business environment, there are regulatory and compliance concerns when it comes to business and user data. It is therefore incumbent upon organizations to carry out an adequate database security risk assessment to address potential gaps in data integrity and security.
- Continuously monitor the network. This enables organizations to spot attempted entry by bad actors and thus address potential threats faster.
- Ensure secured remote access. This includes using multifactor authentication for endpoints, particularly given the prevalence of remote working arrangements brought about by the new normal. Other strategies include role-based access, least-privilege access, and session controls when providing offsite access to operational environments. This substantially reduces the threat surface when dealing with remote workers.
- Encryption. This should cover data both at rest and in motion, in order to increase resilience against cyber threats like theft and ransomware.
- Network segmentation. Operational environments can reduce their threat surface by segmenting networks and access amidst today’s hyper-connected environments. Short of air-gapping one’s network, this minimizes lateral movement by potential attackers.
- Convergence under a security operations center (SOC). This strategy combines information technology (IT) and operational technology (OT) to increase visibility and ensure a holistic approach to risk management. While each can be dealt with separately using a compliance-based approach, the SOC approach introduces a shift toward a threat- and risk-based framework.
Collaboration and innovation toward sustainable solutions
One serious threat to operational environments is the risk of ransomware, which has seen increased prevalence in 2021. According to Statista, at least 68.5 percent of organizations have fallen victim to ransomware in one form or another this year.
Increased digitalization only means that attackers have a larger pool of victims to target. This also means that attackers can reuse their strategies across these potential victims, resulting in more disruption to operations. Not only can this negatively impact the bottom line, but as Gartner predicted in the above-mentioned research, cyberattacks will eventually result in human deaths and injuries.
For example, recent attacks have shown the diverse nature of the targets, which means potential disruptions to our ways of life. The attacks on Colonial Pipeline and JBS Foods involved ransom demands. Meanwhile, the SolarWinds supply chain attack demonstrated the potential to control critical infrastructure and exfiltrate critical data.
Another example was the attack on the water treatment facility at Oldsmar, which attempted to poison the community’s water supply. Fortunately, that incident was thwarted, or it could have resulted in deaths or serious injury.
The significance of the targets only means that attackers have grown in their resourcefulness and capabilities. Thus, collaboration is needed in order to achieve more impactful and sustainable solutions against such cybercrime.
At present, individual organizations service critical parts of our life: food, fuel, water, transportation, electricity, etc. However, stakeholders, which include public sector entities, the private sector, and others, need to work together to adequately address cybercrime issues like ransomware and command-and-control attacks.
Operationally, this means the private sector should provide technologies and innovations to strengthen cyber defenses and enhance resilience. The public sector must, meanwhile, incentivize such behaviors toward cyber resiliency and collaboration among private sector organizations.
Some practical examples would be mandating better and more timely reporting, providing tax incentives for cybersecurity measures, and fostering knowledge-sharing among private sector players as well as the public sector. These will build better institutional knowledge that will help develop capabilities and resilience against adversarial actions and actors who may be using similar or identical attack methodologies.
The takeaway
The key ideas here are visibility and collaboration. Attackers thrive on their victims being in the dark, not knowing their risks and capabilities, and not having the adequate support structure toward achieving cyber resiliency. We are at the cusp of finding ourselves potentially seeing deaths and destruction due to cyberattacks. It’s time to better collaborate because our lives literally depend on it.