Operational technology company Claroty expects more cyber threats and ransomware the industrial sector, including a significant increase in ransomware targeting the healthcare sector. The COVID-19 pandemic has led to increased reliance on remote access connections, accelerating digital transformation, and making strong, purpose-built industrial cybersecurity increasingly essential.
Driven by the need to increase productivity and top line revenue in order to stay competitive, companies in these sectors will digitize their OT networks by connecting them to IT, thereby exposing them to new kinds of cyber threats, said Yaniv Vardi, Claroty’s CEO, in a blog post.
The year gone by was unprecedented with a sudden shift in industrial enterprises to a distributed workforce model, Claroty said. The convergence of IT and OT networks to maintain productivity and drive competitive advantage, and OT security have become increasingly foundational to resilience and operational continuity. However, a combination of legacy devices connected to the internet, a growing number of attack vectors, and opportunistic adversaries has created a perfect storm that exacerbates cyber threats and ransomware risk.
Attackers are keen on gaining a foothold inside corporate networks, while also moving laterally until they control critical systems and have access to sensitive information, according to Amir Preminger, the company’s vice president of research. He sees the likely next move as dropping ransomware, encrypting key systems, and waiting for frazzled victims to pay.
“As more and more organizations become hardened to ransomware, practice better security hygiene and have reliable, available backups, recovery is possible without paying ransoms,” Preminger said. “Attackers adapted with a new business model whereby they are more likely to extract information and extort victims for cash with threats of selling the data on the underground, or leaking it publicly, putting the victim at a competitive disadvantage should their intellectual property, corporate secrets, or customer data become public.”
Echoing Preminger’s thoughts on ransomware, Galina Antova, co-founder and chief business development officer, predicts a significant increase in cyber threats and ransomware in the healthcare sector. “This is driven by a combination of high-profile press on ransomware attacks, which further motivates threat actors, and a very diverse IoT infrastructure, which is fully interconnected to IT and often missing the basic security controls required to withstand a ransomware attack,” she said.
She also expects a move to the cloud for OT applications, which will see an acceleration in 2021. “The COVID crisis significantly accelerated digital transformation projects which in turn accelerated plans for consistency across the infrastructure and thus further closed the gap between acceptable deployment patterns for IT and OT,” Antova said.
The executive also expects that boards of directors, especially of traditional infrastructure businesses, will diversify by getting new board members who are technology executives and understand how to effectively supervise and drive digital transformations, as every company is becoming a technology company.
“As we start to see the light at the end of the tunnel with the pandemic, the businesses that will come out on top are the ones that can adapt to change as quickly as possible,” Vardi said. “In the industrial space, organizations who had established secure connections from OT to IT, thereby enabling remote access to OT, experienced the smoothest transition.
Claroty said in December that the COVID-19 pandemic has accelerated the transition towards a remote workforce. For industrial IT and OT systems, the shift exposed industrial networks to increased cyber threats and ransomware through remote connections that inherently expanded an organization’s attack surface. Many virtual private networks (VPNs) or other offerings that claim to provide secure off-site access to industrial technology environments eliminate or obfuscate the audit trail of remote user activity, it added.
After the pandemic is over, the majority of the world will have grown very accustomed to working from home so organisations are going to be acquiring smaller office spaces and the workforce will adopt a hybrid approach to working, spending some days in the office and others at home, according to Claroty’s Guilad Regev, SVP of Global Customer Success. “This means that in terms of cyber security, we’ll continue seeing a need for secure remote access, especially for organizations in the industrial sector,” he added.
Even when the vaccine becomes widely available, companies will not fully go back to the way things were, Vardi predicts. “More employees will continue to work remotely in some capacity than before. The way we manage our businesses will change permanently, and therefore the technology we use to do so will change permanently as well.
Last week, Claroty said that IoT devices security is becoming essential in OT environments, following the recent passage of the IoT Cybersecurity Improvement Act in the US. Following the Act, any Internet of Things (IoT) device purchased with federal government funds must meet new, minimum security standards, and the deadlines, in some cases, are just a few months away.