2021 saw several attacks on critical infrastructure, which resulted in the U.S. government pivoting to issue directives intended to address cyber protection and readiness. Unlike enterprise IT, OT organizations have little to no flexibility when it comes to downtime - availability is crucial.
Attacks against OT systems and critical infrastructure can have dire consequences for the lives and safety of both workers and consumers. For countless health and safety reasons, it's vital to keep critical infrastructure running and secure. Despite this fact, the Fortinet 2021 State of Operational Technology and Cybersecurity survey found that 9 out of 10 OT organizations experienced at least one intrusion in the past year. The problem is that because IT and OT networks are increasingly interconnected, almost any access point could be a target to gain entry to the corporate infrastructure.
It is clear that attacks on OT infrastructure are not going to slow down. Among the OT organizations that participated in the survey, 58% reported phishing attacks, up from 43% the previous year. There also was an increase in insider breaches at 42%, which is up from 18% last year.
But that’s not all. The situation with ransomware has become worse, as well. According to a FortiGuard Labs Threat Research report, ransomware incidents increased nearly eleven-fold from 2020 to 2021. In OT, ransomware attacks aren’t just inconvenient and financially damaging - they can also be extremely dangerous. And now that malicious cyber actors have carried out successful attacks on OT systems and critical infrastructure, they are scaling those attacks. Cybercriminals have figured out that a successful attack is only one way to profit; they can also profit by reusing their tactics, techniques, and tools. Now, they resell their malware online as a service. In the past, only those with specialized knowledge had the skills to attack an OT system, but today, all an enterprising attacker needs is to buy an OT attack kit on the dark web.
The impact and consequence of attacks targeting OT platforms this year have been severe. Cybercriminals are determined and persistent, so staying ahead of threats demands a multifaceted approach. Clearly, OT organizations need to double down on implementing cybersecurity best practices.
Network visibility is a key component of any security strategy, but OT systems also require control and containment within the infrastructure to reduce the damage from an attack. Because of this, OT organizations should incorporate zero trust access (ZTA) into their security strategy. The zero trust network model ensures that an individual, application, or device only has access to the resources they need to perform their specific role or function and nothing more. ZTA strictly limits the range and level of engagement. This way, if a role or access privileges are compromised or behaviors are suspect, an attacker's access to the OT network is restricted. OT organizations also should proportionally invest in behavioral analysis methods to quickly detect and neutralize any suspicious behavior.
The dynamic security landscape and the threats associated with IT and OT convergence are creating new challenges for OT organizations. To effectively secure critical infrastructure, CISOs require solutions that span their entire IT and OT network environments and meet the needs of both sides of their organization.
Further, to gain complete enterprise visibility and control, OT organizations must deploy cohesive solutions across their converging IT and OT networks. A platform approach is essential for OT organizations, since their security considerations must extend beyond the on-premises system to cover the operating system and the network infrastructure, and must also take into account the increased dependence on Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices.
OT organizations should put a proactive cybersecurity strategy in place with a focus on visibility, control, and behavior analysis. To safeguard critical OT systems, every point of connection to the outside world must be protected. After all, cybercriminals certainly aren't going to let up in 2022, and neither should you.