- Developing an adequate security strategy to manage OT, IoT, IIoT, IoMT and IT security as part of a coordinated effort, rather than in isolation, is the need of the hour.
- As more devices get connected to the edge, organisations need to look at their architecture and make security the part of their architecture.
- Enterprises cannot start their security journey without discovering what are the assets they have and ensuring there are no rogue machines infringed on their network.
Cybersecurity solutions providers are not able to stay one step ahead of hackers or predict the attacks despite the improvements in technology, why?
Is it because the bad guys are much better than the solution providers or only the big ones in a million hacks are getting noticed.
“The cat and mouse is an arms race and it appears that the cybersecurity industry is not catching up. You need to understand that we are in an industry where one single attack in millions is disclosed, that occur every day,” Wael Mohamed, CEO of Forescout, said in an interview with TechChannel News.
There are a million attacks that happen every day that people don’t hear about it, he said and added that the industry has done a very good job but “we are still behind and have a lot of job to do”.
“I don’t think this job will be done as bad guys are always on the radar to exploit the systems for different reasons. Our cybersecurity industry is very matured and prepared and there are way more good guys than bad guys, for sure,” he said.
However, he said that there is no silver bullet and need to realise that the enemy is the bad guy.
“You cannot say that you are protecting your IT with an IT solution or IoT with an IoT security solution; you need to have a solution that has the awareness of all devices and provide a continuous monitoring for customers,” he said.
Business continuity
Mohamed said that enterprises cannot start their security journey without discovering what are the assets they have and ensuring there are no rogue machines infringed on their network.
One of the things that happened in the 2021 Colonial pipeline attack in the US, he said was the hackers got into the IT assets via OT (operational technology) machines and disrupted their operations.
Colonial paid the hackers, an affiliate of a Russia-linked cybercrime group known as DarkSide, a $4.4 million ransom after the hack.
“Most of the difficult thing in that situation which most people don’t understand is that the company had no other choice and it shows that continuity is the most important thing in most originations today.
Sometimes, assets that appear not that critical could be the surface of a dangerous attack,” Mohamed said.
IT (information technology) systems are storage systems, computing technology, business applications and data analysis while OT systems are machinery equipment, assets monitoring systems, industrial control systems and SCADA devices.
Changes in attacker behaviours
Mohamed said that targeted attacks and advanced persistent attacks are the big things in the news for many years.
Attackers are increasingly choosing to deploy cyber-physical attacks that target critical infrastructure systems, which can cause outages and be fatal and research firm Gartner said that attackers will have weaponised a critical infrastructure cyber-physical system (CPS) to successfully harm or kill humans by 2025.
According to Sophos survey for 2021, 37 per cent of organisations were hit by ransomware last year, defined as multiple computers being impacted by a ransomware attack, but not necessarily encrypted. While this is a high number, the good news is that it is a significant reduction compared to 2020, when 51 per cent said they’d been hit.
Changes in attacker behaviours observed by SophosLabs and the Sophos Managed Threat Response teams indicate that many attackers have moved from larger scale, generic, automated attacks to more targeted attacks that include human-operated, hands-on keyboard hacking.
“Organisations need to understand their security framework, as they have their policies, and the reality is aligned and if something is out of range, how you can deal with it without disrupting the daily operations,” Forescout CEO said.
Moreover, he said that the convergence of IT and OT is not happening as fast as everybody wished, not only in the Middle East but across the globe, but Mohamed believes the future is more connected.
As more OT gets modernised, he said the convergence of IT and OT will happen and it is already happening, albeit at a slower pace.
Top concerns
Although enterprise IT security is generally well-known and managed, cyber-physical systems challenge traditional security approaches.
In a recent Gartner survey, security and risk leaders ranked the Internet of Things (IoT) and cyber-physical systems as their top concerns for the next three to five years.
The term cyber-physical systems encompass concepts such as IoT, smart city and systems created as a result of OT and IT convergence.
Gartner predicts that 30 per cent of critical infrastructure organisations will experience a security breach that will result in the halting of operations- or mission-critical cyber-physical systems by 2025 and 50 per cent of asset-intensive organisations such as utilities, resources and manufacturing firms will converge their cyber, physical and supply chain security teams under one chief security officer role that reports directly to the CEO.
5G to pose more challenges
When asked whether it is possible to get full visibility on assets of Industrial Control Systems (ICS) with the convergence of IoT, OT, IIoT, IoMT, Mohamed said that if it is connected to the internet and has an IP address, organisations will be able to have full visibility of the ICS assets but the problem is it requires a high level of sophistication to be able to see the assets as every environment is different as it uses different protocols, from different vendors, etc.
“You need to have a solution that can be able to see the assets and doesn’t matter what protocol it talks and from which vendor,” he said.
With 5G coming in and more devices getting connected at the edge, he said the industry definitely needs to be prepared and it is a “challenge for the industry as the devices are not in our control”.
“We need to be prepared and make sure that we modernise the way we see those devices and be able to provide the protection. These are very small surfaces but they can be very dangerous surfaces. As more devices get connected to the edge, organisations need to look at their architecture and make security the part of their architecture,” he said.
When asked whether it is possible to have coordination at the national level and standardisation of reporting requirements globally, he said that the US has already taken great leadership and has done a good job in coordination and cooperation among all the public and private sectors.
“This [collaboration and communication] is the only way to get ahead in sharing the information and the only way to get 360 degrees and get ahead of the situation,” he said.
“We have done it in certain sectors such as law enforcement and can track the bad guys. We are already good at it, communication from the airport and police department perspective, content to content and from country to country. This is a digital world and we have to get there and we will get there,” he added.
