Nation-state actors have been targeting OT networks with malicious attacks and ransomware demands. They are explicitly targeting industrial environments, where an attack impacts the physical processes and the business, leading to disruptions, shutdowns, loss of productivity and revenue and, in some cases, loss of life as well. A report by Digital Shadows found that industrial goods and services was the most targeted industry in 2020, at 29%.

Thus, organisations need to build awareness within the team of the impact that IT systems can have on OT, and prioritise risk by building a clear incident plan.

Therefore, it is crucial to address the risk of ransomware to OT networks and explore how it can be reduced for organisations in 2022:

#1 Robust Monitoring Program

Adopting systematic and strategic monitoring keeps the impact on operations as small as possible. For both IT and OT networks, monitoring can flag malicious activity traversing the networks and alert the team. A robust monitoring program, however, is continuous and automated. Organisations need to invest in tools that use automation to produce reports for analysis and also provide remediations for the vulnerabilities identified during monitoring. With IT and OT environments segmented from each other, a concentrated, dedicated program for each is key.

#2 Active Incident Response

An incident response plan is a necessity for combating threats and for handling incidents whenever they emerge. Ransomware attacks, however, need an active incident response in place. Run exercises on your existing plan and find new gaps that can be improved. This builds confidence in the team's preparedness and resilience against new forms of ransomware attack. Incident response plans often suggest disconnecting systems as the first step. On OT networks, restoring systems once they have been disconnected is not only time-consuming but can also be a complex and risky task. Therefore, a well-thought-out incident response plan must be framed and thoroughly tested beforehand.

#3 Practice Good Cyber Hygiene 

Good cyber hygiene begins with good governance that encompasses all Industrial IoT, industrial control system (ICS) and Enterprise IoT components. Basic hygiene practices such as using strong passwords and safeguarding them in a password vault, adopting multi-factor authentication, and ensuring patch management for all endpoints are key to reducing the risk.

The industry has made tremendous progress in technology that helps us easily discover assets, risks and vulnerabilities, and provides solutions to mitigate the threats. Ransomware is often effective when organisations are not sufficiently equipped to recognise potential incidents. Poor cyber monitoring of large numbers of unpatched assets, with no processes to manage them, is a recipe for disaster.


OT networks are sensitive to ransomware attacks, which can damage the physical assets and the reputation of the firm under attack. To stay on the safe side, be alert to poor and complacent hygiene practices and maintain best monitoring practices.