Share, , Google Plus, Pinterest,

Posted in:

Operational technology is becoming a primary target for cyber attackers

Article provided by Thuthukani Technology Solutions

Operational technology is becoming a primary and preferred target for cyber attackers, while many businesses are mostly still figuring out whether they should actually invest in cybersecurity solutions to protect their information technology.

Instances of vulnerabilities in operational technology (OT) devices have skyrocketed this year, with new vulnerabilities up 46% in the first half of 2021 year-on-year. – Skybox Security (September 2021)

If you are wondering what the difference is between IT and OT: Information technology (IT) is the use of computers to store data and process it, while operational technology (OT) is basically anything that’s used for industrial purposes.

Operational technology enables revenue creation and business continuity. This critical infrastructure is the backbone of numerous enterprises and governments. Despite the criticality, the cybersecurity measures in place are still weak to non-existent, leaving it wide open for easy attacks that can cause significant problems.

These attacks that exploit vulnerabilities present in industrial systems can cause physical damage or injury due to safety mechanisms that may not be designed to work with cybersecurity controls. This is a new trend we will continue to see develop over the coming years as many business owners are still grappling with the need to sufficiently protect their IT systems against hackers and ransomware, let alone the OT systems that is the true holy grail of the business, but which is perceived benign from a business security perspective for various reasons. So why has OT become such a significant target “suddenly”? There are mainly four reasons:

  1. The impact of an OT breach to gain control over industrial equipment is equally, if not more devastating than that of an IT breach.
  2. The ageing computer technologies used in OT could be difficult to maintain from a security perspective, making such equipment relatively easy targets.
  3. The misconception that IT can also secure OT in the same manner. OT industrial components require a completely different approach or solution.
  4. The growing number of IoT devices increases the attack surface, making OT more susceptible to targeted attacks than traditional Information Technology (IT) networks. Entry point could be a general-purpose computer with standard operating systems used in OT for operation management of sensors, production lines and manufacturing processes.   

OT cyber-attacks could consist of ransomware delivered via a compromised employee account aiming to escalate to the ability to directly control elements of OT systems. After such compromise, the attackers can interact with the systems in various ways or sell direct access to these components. This is a huge risk when industrial installations are energy plants, building control systems, manufacturing equipment, inventory management, gas/oil distribution networks, and power grids or water treatment plants. Cyberattacks could cripple a business or cause injury through malfunctions, the release of chemicals or even cause explosions.

A cybersecurity solutions provider with a fundamental understanding of OT specifics and vulnerabilities should be called in to identify and qualify risk and security needs to protect industrial systems against such attacks that threaten operations and critical infrastructure.

Businesses and solution providers are often so focused on IT that they don’t seem to notice how hackers are starting to target operational technology instead. If you need help securing your company’s operational technologies against cyberattacks, contact our team today. We will work with you to identify where you’re most at risk and how we can assist in mitigating that risk.

At Thuthukani Technology Solutions, we believe that technology should be an asset for your business, not a problem.

Thuthukani Technology Solutions is a proud Premier Member of the NSBC