By Simon Howe, LogRhythm vice president sales Asia Pacific
While attacks on operational technology remain unusual, safeguarding against them is critical in today’s climate of heightened risk.
Heard and read plenty about cyber-crime over the past year? For anyone who follows the news, it’s been hard to escape from. The COVID crisis has triggered an ongoing surge of illicit activity, with every week seemingly bringing another story of a company or organisation whose defences have been breached.
The vast majority of attacks have been aimed squarely at the enterprise; the systems and data sitting in head offices around the country.
It was ever thus. Enterprise attacks are a high-frequency event and account for around 95 per cent of successful cyber incursions worldwide. Although they can be disruptive in the short term, the impact of risks such as ransomware and advanced persistent threat attacks tends to be low, in the grand scheme of things.
The other five per cent? That’s a whole other story.
Operational attacks, that is, attacks on the infrastructure and resources necessary to run an enterprise – people, processes and technology – are rarer but far more serious. They can cripple organisations and threaten national security and national interests.
Clear and present danger
Last year saw Australian Prime Minister Scott Morrison take the extraordinary step of warning local enterprises that they were being targeted by a sophisticated, state-based cyber actor. Along with government, industry, education and healthcare organisations, essential service providers and operators of critical infrastructure were advised to be on their guard – and to take steps to enhance the resilience of their networks.
“Protecting Australia’s economy, national security and sovereignty is the Government’s top priority,” Morrison stated. “The Government encourages organisations, particularly those in the health, critical infrastructure and essential services to take expert advice and implement technical defences to thwart this malicious cyber activity.”
Planning and prioritising
While the guidelines for locking down enterprise systems are straightforward – patching internet-facing devices promptly and using multi-factor authentication to secure internet-accessible systems – enhancing operational security can be considerably more complex in a medical or heavy industrial environment.
As old stagers in the security industry will attest, the prevalence of bespoke solutions and very old technology – witness the organisations where the Jurassic-era Windows 95 operating system is still in use – makes it impossible to devise a one-size-fits-all strategy.
Instead, organisations must ascertain their own risk appetites and thresholds and chart their courses of action accordingly. Doing so necessitates security personnel having complete visibility into the ICT environment. This allows systems and applications to be catalogued, and the risks associated with them going down quantified and compared.
Once that exercise has been completed, it’s a matter of prioritising the systems most in need of mitigation and determining how best to ameliorate the risk.
Getting the board on board
Securing decision makers’ blessing and the requisite budget to improve operational security can also be a challenge. In some sectors and industries – think energy and resources, for example – there’s no need to remind leaders of the risks. In others, it may be necessary to mount a convincing case for funding. That can be no easy task, given the dearth of case studies about operational systems hacking, and trivialising the issue by presenting news stories about attacks on enterprise solutions isn’t the answer either.
Rather, chief information security officers need to embark on a mission to educate those at the top about the purpose of the investment and the desired outcome – ensuring operational and business continuity, come what may. At the same time, they should be reminded of the existential risk to the organisation if critical technology were to be compromised or taken out.
Towards a more secure future
In today’s hyper-connected world, operational security is too important to be left to chance, given the potentially devastating consequences of a successful widescale attack. For organisations that haven’t already done so, it’s past time to make it a priority.