In 2021, there were so many attacks on critical infrastructure that even the U.S. government pivoted to issue directives intended to address cyber protection and readiness. Unlike enterprise IT, OT organizations have much less flexibility when it comes to downtime; availability is crucial. Attacks against OT systems and critical infrastructure can have dire consequences for the lives and safety of both workers and consumers.
For countless health and safety reasons, it's vital to keep critical infrastructure running, yet according to the Fortinet 2021 State of Operational Technology and Cybersecurity survey, 9 out of 10 OT organizations experienced at least one intrusion in the past year. The problem is that because IT and OT networks are increasingly interconnected, almost any access point could be used to gain entry to the corporate infrastructure.
It's clear that attacks on OT infrastructure are not going to slow down. Within OT organizations, 58% reported phishing attacks, up from 43% the previous year. Insider breaches also rose to 42%, up from 18% the previous year.
The situation with ransomware is worse as well. According to a FortiGuard Labs Threat Research report, ransomware incidents increased nearly eleven-fold from 2020 to 2021. In OT, ransomware attacks aren't just inconvenient and financially damaging; they're potentially dangerous. And now that malicious cyber actors have carried out successful attacks on OT systems and critical infrastructure, they're scaling those operations. Cybercriminals have figured out that a successful attack is only one way to profit from a campaign: they can also profit by reselling the tactics, techniques, and tools behind it. Now they sell their malware online as a service. In the past, only those with specialized knowledge had the skills to attack an OT system, but now all an enterprising attacker needs is to buy an OT attack kit on the dark web.
The impact and consequences of attacks targeting OT platforms this year have been severe. Cybercriminals are determined and persistent, so staying ahead of threats demands a multifaceted approach. Clearly, OT organizations need to double down on implementing cybersecurity best practices. They need to improve network visibility and incorporate zero-trust access and behavioral analysis into a holistic solution strategy.
Network visibility is a key component of any security strategy, but OT systems also require control and containment within the infrastructure to reduce the damage from an attack. OT organizations should incorporate zero-trust access (ZTA) into their security strategy. The zero-trust network model ensures that an individual, application, or device has access only to the resources it needs to perform its specific role or function and nothing more. ZTA strictly limits the range and level of engagement, so if a role or its access privileges are compromised, or behaviors are suspect, an attacker's reach into the OT network is restricted. OT organizations also should invest proportionally in behavioral analysis methods to quickly detect and neutralize any suspicious behavior.
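The two controls described above, a default-deny least-privilege policy and a behavioral check on top of it, can be illustrated with a small evaluator. The following is an added example written for this article, not code from Fortinet or from any product the article mentions; the role names, resources, policy table and access-log records are all constructed for illustration.

```python
"""Added example (not from the original article): a minimal zero-trust access
policy evaluator for an OT network, combined with a simple behavioral check
over constructed access-log records. Role names, resources, the policy table
and the log lines are all hypothetical."""
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical least-privilege policy: each role may perform only the listed
# actions on the listed resources. Anything not listed is denied by default,
# which is what "access to what the role needs and nothing more" means in code.
POLICY = {
    "hmi-operator": {"plc-line1": {"read", "write"}, "historian": {"read"}},
    "maintenance-vendor": {"plc-line1": {"read"}},
    "it-helpdesk": {},  # an IT role with no reach into OT resources at all
}

# Constructed access-log records in the form: identity role resource action
SAMPLE_LOG = [
    "alice hmi-operator plc-line1 write",      # allowed
    "alice hmi-operator historian write",      # denied: historian is read-only for this role
    "bob maintenance-vendor plc-line1 read",   # allowed
    "bob maintenance-vendor plc-line1 write",  # denied: vendor role is read-only
    "bob maintenance-vendor historian read",   # denied: resource not granted to role
    "bob maintenance-vendor plc-line2 read",   # denied: resource unknown to policy
    "carol it-helpdesk plc-line1 read",        # denied: IT role has no OT access
]


@dataclass(frozen=True)
class AccessRequest:
    identity: str
    role: str
    resource: str
    action: str


def is_allowed(req: AccessRequest) -> bool:
    """Default deny: allow only if the role explicitly grants this action on this resource."""
    return req.action in POLICY.get(req.role, {}).get(req.resource, set())


def parse_log_line(line: str) -> AccessRequest:
    """Parse one constructed 'identity role resource action' record."""
    identity, role, resource, action = line.split()
    return AccessRequest(identity, role, resource, action)


def evaluate(lines, max_denials: int = 2) -> dict:
    """Apply the policy to each record and flag identities whose behavior is suspect.

    Behavioral rule (a deliberately simple one): an identity that accumulates
    more than `max_denials` denied requests is flagged for review, because a
    burst of out-of-role access attempts is a common sign of a compromised
    credential or a device behaving outside its function. Returns a dict with
    the per-request decisions and the sorted list of flagged identities.
    """
    decisions = []
    denials = defaultdict(int)
    for line in lines:
        req = parse_log_line(line)
        allowed = is_allowed(req)
        decisions.append((req, allowed))
        if not allowed:
            denials[req.identity] += 1
    flagged = sorted(identity for identity, n in denials.items() if n > max_denials)
    return {"decisions": decisions, "flagged": flagged}


if __name__ == "__main__":
    result = evaluate(SAMPLE_LOG)
    for req, allowed in result["decisions"]:
        print(f"{'ALLOW' if allowed else 'DENY '} {req.identity} {req.action} {req.resource}")
    print("flagged for behavioral review:", result["flagged"])
```

Run against the constructed log, the policy allows two requests and denies five, and only `bob` crosses the denial threshold, so the behavioral layer surfaces exactly the identity whose pattern of requests no longer matches its role. In a real deployment the policy table would come from the identity provider and the denial threshold would be replaced by a baseline learned per identity, but the structure stays the same: enforce least privilege first, then watch for behavior that the policy alone would not explain.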
The dynamic security landscape and the threats that come with IT and OT convergence are creating new challenges for OT organizations. CISOs require solutions that span their entire IT and OT network environments and meet the needs of both sides of their organization.
To gain complete enterprise visibility and control, OT organizations need to deploy cohesive solutions across their converging IT and OT networks. A platform approach is essential for OT organizations, since their security considerations must extend beyond the on-premises system. They now also must cover operating systems and the network infrastructure, and take the increased dependence on Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices into account as well.
OT organizations should put a proactive cybersecurity strategy in place with a focus on visibility, control, and behavior analysis. To safeguard critical OT systems, every point of connection to the outside world must be protected. Cybercriminals certainly aren't going to let up in 2022, and neither should you.