Ransomware is evolving to challenge the OT edge – where it converges with IT, often without adequate security. Learn five best practices.
By Rick Peters, CISO for operational technology, North America, Fortinet
According to the 2020 Verizon breach report, ransomware accounted for 27% of malware incidents in the past 12 months. That may seem like a small percentage at face value, but the amount of havoc these incidents can cause is massive. The impact of ransomware has worsened in the past few years as attackers broaden tactics from an indiscriminate “spray and pray” methodology to also incorporate a fair balance of precise targeted attacks.
This requires a greater upfront investment in time and resources, but it’s yielded proportional dividends for cyber criminals. Last year, bad actors using ransomware focused heavily on healthcare and government agencies. Now, industrial control systems (ICS) and operational technology (OT) are increasingly a primary target. As the network perimeter continues to expand and edge-enabled environments proliferate, this problem will grow.
In the last several years, one trend traversing industries and sectors is the expansion of the edge. Multiple edge environments have replaced the traditional network perimeter—including local-area network (LAN), wide-area network (WAN), multi-cloud, data center, remote worker, Internet of Things (IoT), mobile devices and more—each with its unique risks and vulnerabilities. Many organizations have sacrificed centralized visibility and unified controls in favor of performance and agility, giving cybercriminals a significant advantage.
In parallel with the edge’s expansion is the evolution of, and increased dependence on, ransomware as a means to gain target access. Last year, for instance, ransomware developers devised a new strategy in response to companies declining to pay a ransom and instead restoring compromised systems privately. Now, cybercriminals threaten to post stolen data on public servers as a kind of blackmail to achieve campaign objectives. Some have even extracted sensitive information, then used it to threaten extortion and defamation.
Greed motivates a majority of cyber attackers seeking the biggest bang for their buck. Ransomware’s ease of deployment will ensure continued proliferation. The fallout will become more significant as hyperconvergence takes hold within networks. As networks, devices, applications and workflows intersect to deliver smarter services, even the most critical processes can be affected by a breakdown anywhere in the network. As business infrastructure increasingly converges with critical infrastructure systems, more data and cyber-physical assets will be at risk.
Until proportional attention is directed at protecting OT infrastructure, cybercriminals will escalate the ransomware threat to the extent that they’re able to exploit edge and corporate-connected resources. Emerging edge networks attached to vulnerable hardware and software will enable cybercriminals to deploy machine learning to exploit complex systems. A logical next step is deploying AI-enhanced malware to launch sophisticated attacks—such as targeting multiple attack vectors—and approach the compute power of larger networks. A step beyond would be coordinated and simultaneous attack vectors, such as are needed to manage a swarm-based attack.
Historically there’s been under-investment in security for ICS or SCADA systems. This must be corrected quickly. Security best practices must be implemented, including:
Ransomware deployment has expanded to impact the OT edge of a converged enterprise. Multiple cybersecurity solutions based on best practices are available to protect your IT and OT environments from various attack types and stages of an infiltration. A best-practice recommendation is to look for an integrated suite of tools – whether software, hardware or both – particularly those that are designed for the unique challenges of OT environments.
A proactive approach to cybersecurity delivers the confidence and level of services that ensure safe and sustained operations. A comprehensive strategy achieves readiness by focusing on greater visibility, control, and intelligence-driven situational awareness. Security solutions that routinely share actionable threat intelligence can achieve rapid response and sustained operations without compromising performance. That’s the sweet spot that organizations need today to defend their edge.
About the Author
Mr. Peters is the CISO for Operational Technology, North America for Fortinet Inc. delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. He is charged with overseeing growth of Fortinet’s penetration into the largest global OT marketspace. That charge entails identifying and partnering to gain traction on existing OT business campaigns as well as targeting emerging customer opportunities.
Immediately prior, he served as the Director Operational Technology Global Enablement for Fortinet. In this capacity, Mr. Peters enabled OT business growth by partnering with Fortinet OT Security, Sales and Marketing counterparts. The success realized in EMEA and APAC over two years keyed recognition and a strategic transition to focus on North America as the largest target marketspace in 2020.
Prior to joining Fortinet, he served the U.S. Intelligence Community for more than 37 years imparting cybersecurity and global partnering experience across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA). He led development of cyber capability against Endpoint, Infrastructure, and Industrial Control System technologies at the agency.
Before that role, he partnered as an executive leader supporting the Information Assurance Directorate at the NSA. Mr. Peters also served in a broad range of leadership and Engineering roles including Chief of Staff for the NSA Cyber Task Force and a 5-year forward liaison charged with directing integration of cyber and cryptologic solutions for U.S. Air Force Europe, Ramstein AFB, Germany.
Mr. Peters is a repeatedly published OT Security thought leader and a frequent speaker at global industry events. He holds a BS in Electronics Engineering and an MS in Engineering Management from the Johns Hopkins University.