Massive industrial operations, from manufacturing plants to energy grids to water management, have recently been targets of cyber intrusions and ransomware attacks. According to a Kaspersky Report, The State of Industrial Cybersecurity 2018, 49% of organizations surveyed experienced an incident or breach within the last 12 months. 64% of those incidents or breaches involved conventional malware/virus attacks, and another 30% involved ransomware.
As more organizations continue to converge legacy control systems and other vulnerable operational technology with information technology, we will continue to see targeted ICS attacks that take advantage of the increased attack surface and wreak havoc through a flat and unprotected network.
One such example occurred in 2017, when Triton malware targeted safety instrumented systems (SIS) at a critical infrastructure firm in the Middle East. The malware was able to communicate with the SIS through the operations network, once inside, the threat actors presumably hoped to control or damage systems, in this case the malware inadvertently shutdown operations.
But an attack isn’t inevitable. Taking the right steps to secure your operational technology and safely enable remote access can save your data, your operations, and even the safety of your personnel. For example, the Middle Eastern firm could have securely segmented their SIS, denying public internet access and cloaking it to the outside world. For any maintenance or monitoring, they could have employed a secure remote access solution that would allow only authorized users to gain access without the risk of bringing malicious code into the network.
In our most recent solution brief, we walk through the traditional approaches to secure remote access and detail why they aren’t enough to keep your organization running safely. We also explain how by utilizing a secure remote access solution, you can safeguard your business and your employees from these malicious attacks and prevent a breach in the future.