Security News
Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated...
How has the global geopolitical environment influenced the landscape of OT cyber attacks? The 2024 Threat Report highlights a 19% increase in OT cyber attacks in 2023 compared to the previous year.
Analysis Cybercriminals follow the money, and increasingly last year that led them to ransomware attacks against the manufacturing industry. Operational technology security firm Dragos, in its 2023 year-in-review report [PDF], found 70 percent of all industrial org ransomware infections hit manufacturing companies.
Ensuring secure access to OT environments is about more than just cybersecurity. At the same time, more third-party vendors and contractors are being given remote access to OT environments.
Rew Ginter is a widely-read author on industrial security and a trusted advisor for industrial enterprises. He currently works as a VP of industrial security at Waterfall Security Solutions.
In Claroty's previous survey conducted in 2021, 32% of ransomware attacks impacted IT only, while 27% impacted both IT and OT. Today, 21% impact IT only, while 37% impact both IT and OT - a significant 10% jump for the latter in just two years. 61% of respondents are currently utilizing security tools that leverage generative AI and an alarming 47% say that it raises their security concerns.
Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The "SIERRA:21 - Living on the Edge" report features research into Sierra Wireless AirLink cellular routers and some open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular - an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for various applications.
Increased systems connectivity inevitably brings its own risks, often including cyber security blind spots that expose sensitive data to unauthorised access and disruption. Staying secure and compliant demands detailed visibility of OT assets and the ability to protect them over an extended network.
The sharp increase in attacks on operational technology systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals. The lack of success on the defense side can be attributed to several factors: the complexity of OT environments, the convergence of information technology and OT, insider attacks, supply chain vulnerabilities, and others.
Of particular concern is whether public companies who own and operate industrial control systems and connected IoT infrastructure are prepared to fully define operational risk, and therefore are equipped to fully disclose material business risk from cyber incidents. Operational risk in OT and IoT. Cybersecurity incidents continue to disrupt production, with companies like Clorox reporting product shortages a month after disclosure.