×

Build Cyber Resilience to Better Address Your OT Risk

The recent swift shift to remote work is creating a unique environment for cybercriminals, and bad actors to try to compromise systems. While an anecdote of someone crashing your video conference call may seem funny, the challenges of potential cyber-attacks are broad, and the consequences can be severe. What if it wasn’t a video conference that was hacked, but the building where you work, the hospital that you operate or the airport that you use for travel?

Top Cybersecurity Experts report 4,000 Cyber attacks a day since the Covid-19 pandemic1 , with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently issuing an alert recommending immediate action to reduce exposure across all Operational Technology (OT) and Control Systems environments.2

An increase in malicious activity against critical infrastructure through the exploitation of OT devices, systems, and networks can result in intellectual property and data loss, business disruption and productivity issues. While the advisory is specifically directed at U.S. government assets, DoD, NSS, DIB, and U.S. Critical Infrastructure facilities, CISA and the NSA also recommend that organizations increase their OT resilience to address these threats and take steps to mitigate risk to their respective operational environment.

In addition, Interpol recently advised that cybercriminals are taking advantage of the pandemic to increase their attacks with member countries reporting a range of Covid-19-related cyber threats from fake news to phishing schemes.

In our industry, we say it is not a matter of ‘if’ but when a cyber-attack will occur. As we reflect on the world events around us and take in the recent reports mentioned above – now is a critical time to assess and protect your OT network from potential cyber threats. Below are some tips to help you harden your systems and start to build resiliency.

Complete a Comprehensive Assessment

Conducting a cybersecurity site assessment to identify vulnerabilities and potential cyber threats is key. This also helps set a baseline for your OT network and creates a plan to proactively address any potential gaps.

Implement Endpoint Protection with Deep Learning Capabilities

Deploy endpoint protection with deep learning capabilities that requires less upkeep and enhanced protection. This can help offer a near real-time threat prevention platform with multi-layer protection against known and unknown threats from common malware to fileless and live-off-the-land attacks.

Deep learning, also known as deep neural networks, is one of the most advanced subsets of artificial intelligence and takes inspiration from how the brain works.  It is a pioneering and unique Artificial Intelligence method capable of training directly on raw data and does not require feature engineering by a human expert.  As the artificial brain learns to detect specific cyber threats, its prediction capabilities become more instinctive. As a result, zero-day and Advanced Persistent Threat (APT) attacks are more readily detected and prevented in near real-time with enhanced accuracy.

Implement Remote Management Solutions

Identify and manage anomalies in systems ahead of time with remote monitoring and management.  This will help allow you to maintain systems at peak performance, including patching and maintenance, while responding to potential incidents with enhanced expediency.

Incident Readiness Plan in Place

Develop an Incident Readiness plan so you have a clear understanding of various roles and responsibilities, who should be notified in the case of a cyber-attack, as well as what actions need to be taken.

It is also essential to have a clear Disaster Recovery plan to continue business operations when a cyberattack takes place.  As part of the Disaster Recovery plan, cyber teams typically need to take actions to preserve forensic data, contain affected systems from further damage or data loss, eradicate potential malware, restore service and provide a detailed incident report consisting of lessons learned.

Learn more about the detailed steps you can take to better protect your OT network by speaking to our team of cybersecurity experts.

Mirel Sehic is Global Director of Cybersecurity, Honeywell Building Solutions

References:

1. Top Cyber Security Experts Report: 4,000 Cyber Attacks a Day Since COVID-19 Pandemic 

https://www.prnewswire.com/news-releases/top-cyber-security-experts-report-4-000-cyber-attacks-a-day-since-covid-19-pandemic-301110157.htm

2. NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

https://us-cert.cisa.gov/ncas/alerts/aa20-205a

3. Interpol report shows alarming rate of cyber attacks during Covid-19 

https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-report-shows-alarming-rate-of-cyberattacks-during-COVID.