October 29, 2021 Insider Breaches Gain Traction in OT

42% of surveyed OT leaders experienced an insider breach last year. In this case, going back to basics plays a huge role in risk mitigation.

By Rick Peters, CISO for operational technology, North America, Fortinet     

Whether they know it or not, employees can pose a significant risk to the security of enterprise networks and the data in transit or in storage. In their 2021 cybersecurity predictions, the analysts at Forrester Researcher predicted that 33% of breaches in 2021 would be insider-threat related, largely due to the increase in remote work. The 2021 State of Operational Technology and Cybersecurity Report from Fortinet found that 42% of those OT leaders surveyed experienced an insider breach – up from 18% the year prior. Let’s take a closer look at this risk and what organizations need to know to mitigate it.

Understanding the risk insider of threats

Insider breaches can be accidental or malicious; we can break it down into three main categories:

Careless users – These individuals have made a thoughtless error that results in an inadvertent system failure, data breach or accidental breach. Since this behavior is entirely unintentional, it’s much more difficult to prevent or prepare for.

Negligent users – Such people willfully side-step policy for the sake of productivity. These activities can range from creating a secret backdoor into the network to implementing an easy-to-compromise password system for networked devices. The risk from these users is high because they almost always have privileged access to systems and devices.

Malicious insiders – These users intentionally cause harm through such activities as fraud, data theft, IP theft and sabotage. That could include a disgruntled, recently fired employee, for example.

The pandemic and the increase in insider threats

The advent of a global pandemic only served to increase the security issues that OT leaders already faced. With the increase in remote work, employees don’t have the option of walking over to a coworker’s desk to get their thoughts on a suspicious-looking email.  All too often, this inconvenience makes them more susceptible to social engineering attacks.

Another primary risk factor related to remote work: it is likely that the security issues related to home networks contribute to the problem. For example, if VPN filters are not adjusted correctly, phishing emails may pass through that would not ordinarily gain access on the corporate network. These risks underscore the need to move towards a zero-trust model and away from a perimeter-based networking approach. This includes OT leaders carefully considering who has access to their systems.

Cyber hygiene is key

Cybersecurity technology is just one part of the solution when it comes to mitigating the risk of insider breaches. For accidental insider incidents, OT security leaders need to prioritize their employees’ cybersecurity awareness training to help them understand the role they play in keeping networks secure and reducing the risk of insider threat.

A good starting point is helping them grasp the consequence of a security event and how it can affect them personally and professionally. Understanding a connection between safe cybersecurity practices and the positive impact they feel they are making when everyone is engaged and responsible should lead to measured improvement when they encounter suspicious cyber behavior or questionable email or websites.

Sustained awareness training includes continuously providing employees with updates on new social engineering attack methodologies so they are situationally aware. When employees know what is expected, they’re more likely to take ownership and feel like part of the team. Exhibiting greater enthusiasm about best practices, they’re less likely to enact the behaviors that cause accidental insider issues, such as not using strong passwords or forgetting to change default passwords. Establishing best practices and conveying guidance on important security elements like multi-factor authentication and VPN usage just furthers the security cause. As a greater percentage of employees do the same, the human firewall acting as the first line of defense for the organization will only grow stronger.

The fundamental things apply

Whether an employee meant to cause a breach or not is not foundationally material in terms of the real damage that can occur. And when the percentage of OT leaders who report experiencing an insider breach goes from 18% to 42% in one year, it’s clear that more needs to be done to quell the phenomenon.

Remote work, with its less-secure home networks, are partly to blame for this jump in insider threats. Cybersecurity technology needs to be in top form, but OT organizations also need to keep their cyber awareness training program running continuously. When employees are equipped with the latest information about social engineering exploits, they’ll be far less likely to fall victim to them. Further, when they recognize that they are the guardians of the expanded security landscape, they can take pride in being part of the solution rather than being perceived as a liability.

About the author
Rick Peters is the CISO for operational technology, North America for Fortinet Inc., delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. He is charged with overseeing growth of Fortinet’s penetration into the largest global OT marketspace.  That charge entails identifying and partnering to gain traction on existing OT business campaigns as well as targeting emerging customer opportunities.

Subscribe to Industry Today