Terry Olaes, Technical Director (North America) of Skybox Security on the attack and how organisations can prevent future breaches of this magnitude:
- Hackers now see critical infrastructure as low-hanging fruit. With the rise of Industrial IoT sensors coupled with outdated legacy IT systems not designed to withstand blistering hacks, this makes critical infrastructure a perfect target for cybercriminals.
- Recent research highlights how these types of attacks continue to trend upward as OT attacks jumped by 30% in 2020 alone and IIoT flaws increased 308% year-over-year.
- Leaders in this space are often in a Catch 22. OT-reliant industries (such as utilities and manufacturing) can’t afford to shut down for comprehensive overhauls of legacy technology; freezing operations means lost dollars. Hackers are seizing the opportunity to attack OT-reliant organisations, enterprises, and governments, knowing they will pay hefty ransoms to prevent disruption.
- Additionally, OT device vulnerability scans and remediation often happen only once or twice per year, if at all, limiting visibility on the constantly evolving threats and leaving vulnerabilities unpatched for months. Years of computer and network neglect only compound the urgent need to shore up security.
- Apathy is arguably the most significant risk to critical infrastructure security. Security and facility leaders in OT-dependent industries must evolve their thinking and take action to avoid ending up in the crosshairs of a hacker.
- Taking a proactive approach to visualize and analyse IT/OT networks and hybrid, multi-cloud collectively will provide critical insight into the attack surface and help prevent future OT attacks from happening.