ANATOMY OF AN OT ATTACK

Attackers thrive during times of uncertainty and the last year has provided plenty for them to work with. The world has changed, perhaps forever, and the way we work has been overhauled. We’ve seen organisations move to accommodate remote working, some overnight, with many looking at what that means for the future. The issue is that, when introducing any new working practice — such as remote working, it is critical to do so securely. Organisations need to think through how this changes the threat landscape and introduce controls to limit and/or address this risk.

With the remote working “hybrid” model likely to continue, at least for the foreseeable, this shift to a remote, distributed workforce has led to a higher volume of critical and confidential information being transmitted electronically. Security leaders must ensure that their strategies are in lockstep with business priorities and can effectively communicate the security programme to business asset owners.

Of course, it’s not just data breaches that are a concern. This expanded infrastructure poses a larger target for attackers and we’ve seen a number of instances where IT systems have been compromised, allowing the bad guys to move laterally and affect operational technology (OT) systems that power our critical infrastructure. The most recent being Colonial Pipeline, which was hit with ransomware that began in the IT environment and, out of precaution, forced the operator to shut down operations.