As industrial cybersecurity begins to rise among the priorities of CISOs and their committees, we have the opportunity to look at protecting industrial operations from a new perspective. We’ve been talking about the need for fully integrated security platforms for over 20 years. And yet, every time a new security challenge arises, hundreds of vendors rush to provide a targeted solution to that specific threat.
The result is a disparate set of technologies and tools that CISOs and their security teams struggle to use effectively. A recent report from the Ponemon Institute and IBM confirms this trend. It reveals that companies employ more than 45 different security tools on average, and each incident handled requires a coordination effort across approximately 19 tools.
This ultimately makes security much less effective: in fact, companies that use more than 50 security tools rank 8% lower in their detection capacity and 7% lower in their ability to react to an attack than companies that have fewer tools… But good news! As industrial cybersecurity begins to rise among the priorities of CISOs and their committees, we have the opportunity to look at protecting industrial operations from a new perspective.
There is no need to replicate the complexity that prevents detection and response on the IT side. With most critical infrastructure environments starting on a sound footing when it comes to industrial cybersecurity, we have an opportunity to take a more straightforward approach. Instead of introducing more isolated tools within the overall security infrastructure, there is a need for a single agentless solution that includes asset visibility to identify vulnerabilities and suspicious behavior, continuous threat monitoring to detect and track threats that cross the IT/OT boundary, and secure remote access solutions with strict session controls.
The ability to connect OT security to IT systems, workflows, and endpoints, including IIoT and IoT endpoints, helps remove the complexity and blind spots introduced by point solutions. Combining multiple capabilities into an industrial cybersecurity platform also eliminates the need to hire additional consultants and deploy more resources to manage and maintain solutions that each have their own interface.
Two Recent Examples Highlight The Urgency Of This Approach
First, the stealthy nature of the attack against the SolarWinds supply chain, its advanced functionality, and the devious means used require that all companies running impacted versions of the SolarWinds Orion software be on alert, including operators of critical infrastructure, industrial control systems (ICS) and SCADA. Once inside the environment, the cybercriminal will likely be able to move laterally across Orion client networks to access other network domains and steal data or exploit different vulnerabilities.
Since companies tend to allowlist network management systems to avoid false positives, attackers use this gateway to hide in plain sight. Their presence is further strengthened when companies lack visibility into the content of their industrial networks and lack the detection techniques to spot unusual behavior. More recently, the attack on the Oldsmar water treatment facility in Florida, which involved a remote attacker connected via TeamViewer desktop sharing software, is a prominent example of attackers who move quickly between endpoints and OT networks and assets.
Fortunately, operators were able to block the attacker’s access and prevent the contaminated water from reaching the public. But behind this rapid response lie systemic problems present in critical infrastructure, which will worsen as more companies connect remotely to critical industrial systems. We need to look at security holistically because it’s clear that for cybercriminals, a network is a network, and so attacks are intertwined.
Give The Keys To Businesses
A simpler and more comprehensive approach to industrial cybersecurity helps a company identify, manage, and protect its OT, IoT, and IIoT assets. Additionally, when you expand the integration to include connecting your industrial cybersecurity program to your IT security program, something even more powerful happens.
From a strategic perspective, it is possible to view governance and processes holistically and centralize responsibility and duties for risk management enterprise-wide with the CISO. Tactically, IT and OT teams are able to work together to avoid duplication of processes and efforts and save valuable resources. The result is safer, more efficient operations and reduced risk for the lowest possible total cost of ownership, as well as much better support and alignment with the rest of the business.
Continuous innovation in cybersecurity is essential and exciting. But to realize the long-term vision of companies in the industrial space of unlocking new business value through digitalization, the time has come to adopt comprehensive solutions that work seamlessly and securely across the globe and across the ecosystem on a larger scale. This is the only way for businesses to operate, increase their resilience, and innovate in the industrial economy sector with an acceptable level of risk.