By Frederic Saint-Joigny, VP of EMEA, Skybox Security.
Internet of Things (IoT) and Industrial IoT (IIoT) sensors have revolutionised manufacturing in the 21st century, enabling enterprises to improve production processes using real-time visual and technical data.
Unfortunately, although few devices and networks are 100% secure given the constantly expanding threat landscape, IoT sensors are notoriously vulnerable, offering bad actors plenty of low-hanging fruit to pluck.
Coupled with outdated networks and computers that were never designed to withstand blistering attacks, IIoT sensors have made critical infrastructure a perfect target for cybercriminals. In 2020 alone, Skybox Research Lab discovered that IIoT vulnerabilities increased by a staggering 308%, reflecting both emergent threats and the rapidly growing use of these sensors across industries.
Avoid ransoms you cannot afford to pay
Those reliant on operational technology (OT) are often in a Catch-22: industries such as manufacturing and utilities cannot afford to shut down legacy equipment for comprehensive overhauls, despite the profound risks OT creates. That’s why attackers keep successfully infiltrating OT-focused organisations and governments; they know large manufacturers and utilities will pay hefty ransoms to prevent disruption.
While freezing operations means lost dollars, the cost of downtime due to a cyberattack can be astronomical. For example, aluminium giant Norsk Hydro suffered an estimated $75 million hit from the LockerGoga ransomware attack in 2019. Few enterprises can afford that type of impact.
Zero in on what matters
Security leaders must evolve their thinking and take action to avoid ending up in the crosshairs of today’s sophisticated cyberattacks. An effective programme will proactively protect against threats in the Industry 4.0 era, taking the following three key mandates into account:
1. Ensure consistent security by visualising your attack surface across IT, OT and hybrid cloud environments. Understanding the entire attack surface is essential. Security strategies must evolve to include automated aggregation of configuration and security control data across disparate environments into a consolidated network model. Security teams can then turn that data into insight, focusing on legitimately high-risk vulnerabilities rather than just obvious red flags.
A hybrid network model is the first step towards transparency between your organisation’s IT and OT functions. By fostering teamwork across these two previously siloed areas, this strategy can build a collaborative approach that advances overall security posture. With these cultures colliding, platforms that encompass both industrial and traditional security will illuminate a new path forward for holistic security programmes.
2. Secure the manufacturing floor by detecting vulnerabilities on unscanned devices in real time, grouping assets into geographical areas. Network scanning is an important component of any cybersecurity solution, but some IIoT and OT devices may not be scanned due to technology limitations. With a full-network model in place that is updated daily – akin to an overhead Google map of all your enterprise assets – you can treat unscanned IIoT and OT hardware as outposts within the network topology and use their geographic locations to aggregate and address them.
For instance, you could cluster all of the unscanned devices in your factory’s northwest corner. Then, have your security platform analyse all their vulnerabilities, enabling geographic-specific rules to be implemented and updated on a quadrant-by-quadrant basis.
3. Prioritise remediation based on highest exposure. Traditional risk scoring techniques have led many enterprises to focus on theoretical threats rather than practical ones – akin to protecting retailers against lightning strikes instead of common thieves. With a holistic network model, vulnerabilities can be evaluated based on actual exposure analysis, including IT and OT elements that are most highly exposed, rather than abstract risks.
Armed with practical exposure awareness, security teams can prioritise patches and other protective measures where they will have the greatest impact – rather than wasting time and effort on issues that hackers are unlikely to exploit. Combined with automated remediation technologies, this approach will free your personnel to focus on important tasks and improve security posture over time.
As we look ahead to the next several years, there’s little question the manufacturing and logistics industries will continue to adopt IIoT technologies at a brisk pace and evolve OT installations to whatever extent possible. Yet, the benefits of IoT and OT are still offset by their potential for exploitation and the very real likelihood that they will become the first targets for hackers capable of inflicting ransom-scale losses. In the face of continued and growing cybersecurity threats, enterprises must change the way they secure IT/OT networks. Proactive prevention against attacks is a far better strategy than reacting to threats after they’re at a critical stage.