Connectedness is defining our lives as never before. With Internet-enabled IoT devices multiplying exponentially and 5G promising a revolution in connectivity, enterprises and organisations have to deal with the convergence between IT and OT technologies and the challenges that may arise.
But the more connected organisations become, the more they open themselves to digital exploitation from cybercriminals on an unprecedented scale. Ominous rises in DDoS attacks, east-west infiltration and state-sponsored cybercrime are creating a darker, more dangerous threat landscape that have the potential to combine to create The Perfect Storm.
Just take a look at some of the high-profile breaches that have caused mass disruption over recent years.
Could they get worse?
2021: Florida Water Breach Threatens the Health of 15,000 Residents
Hackers of a water treatment plant in Oldsmar, Florida took control of levels of sodium hydroxide, a highly corrosive substance used to balance water acidity. The attack in February 2021 briefly boosted concentrations from 100 parts per million to 11,100 ppm, until an operator averted disaster by taking immediate action to restore correct levels of the chemical. Left unchecked, the hack would have put the health of 15,000 local residents in serious jeopardy.
2020: $100 Billion US Clean-Up for State-Funded SolarWinds Hack
In 2020, cyber-attackers exploited security weaknesses in Microsoft, SolarWinds and VMware software to execute thousands of data breaches across NATO, Microsoft, the European Parliament, US and UK governments and many other organisations. Identified as the work of state-sponsored Russian hackers, the attack went undetected for months and caused billions of dollars in damage worldwide, including predicted costs of over $100 billion for US companies and government departments.
2017: WannaCry Attack Costs Organisations Over £6 Billion Worldwide
In 2017, the WannaCry cyber-attack became the world’s most serious ransomware incident, affecting over 200,000 computers across 150 countries. Targets included the UK’s NHS, Spain’s Telefonica, FedEx in the USA and German rail company Deutsche Bahn. Across NHS England, at least 80 out of 236 trusts and 603 primary care organizations were infiltrated. Essential IT and phone systems were disabled, resulting in the cancellation of thousands of operations and patient appointments, and costs exceeding £92 million.
So what exactly are the risk factors?
The convergence of IT and OT magnifies the threat by enabling malware to migrate seamlessly between the two. The 5G rollout brings game-changing risk by being the glue binding billions of Internet-enabled IoT devices that offer attackers a rich opportunity to bring down essential power, health and security infrastructure.
DDoS attacks are growing in scale, duration and frequency. Proliferation of IoT devices is a major contributory factor and 5G’s high-speed, mega-bandwidth super-connectivity creates an attractive conduit for bigger, faster, more serious DDoS attacks. East-West lateral spread is an attractive tactic for hackers taking advantage of the recent trend in interconnecting IT, OT and IoT devices on the same infrastructure. With average breach detection times of 207 days, attackers inside the perimeter have ample opportunity to explore networks unchallenged, seek out weak spots and select the most valuable assets to steal, exploit or damage.
State-Sponsored Cybercrime is perceived as an easy alternative to well-defended military or government targets and businesses often find themselves in the crosshairs, especially if they are keepers of sensitive data, highly profitable, connected to government agencies, providers of essential public services or vulnerable to IT downtime. Taken individually, each has the potential to cause significant harm. But collectively, these risk factors could combine to forge attacks on a scale unseen in the history of cybercrime. This perfect storm could have devastating and dangerous outcomes for people, companies and economies on a global dimension.
How can you protect your OT & IoT customers from the Perfect Storm?
You can’t secure what you can’t see. Visibility is fundamental for cyber resilience, detection, protection and mitigation. Two of our vendors, Gigamon and Nozomi Networks, have a strong eco-play alliance that allows your OT & IoT customers to have comprehensive and integrated visibility across IT and OT assets. Gigamon sits between the OT business network, manufacturing, process network and tools, such as Nozomi Networks, to provide visibility regardless of medium (physical, virtual, cloud) and including east-west traffic.
It ensures relevant traffic is delivered to Nozomi Networks Guardian efficiently and in the format they need. It aggregates low-volume links before forwarding, de-duplicates packets to avoid unnecessary overhead and offers easier control of asymmetric routing to collate session information for analysis by Nozomi Networks security tools.
For more information on the joint solution reach out to Grant Watts and Tom Usher.