OT and IoT Security: Adopt a Post-Breach Mindset Today

It seems like every day we’re reading about cybersecurity breaches and cyberattacks on critical infrastructure around the world. What used to be a once or twice a year occurrence 10 years ago now seems to be the new everyday normal. And, that’s just what we see in terms of what’s being reported. It does not include the attacks that happen and are handled under the radar.

Every time there’s an attack such as the recent ransomware attack on Colonial Pipeline, industry experts and vendors scramble to share thoughts on what could have been done to thwart the attack, or what the impact of a breach could mean. Companies and organizations need to reset themselves to have a post-breach mindset, pre-breach.

At Nozomi Networks, many of our urgent engagements happen after an attack, when the customer realizes they didn’t have the visibility into their networks to see the malicious behavior ahead of a breach. They typically have viewed visibility and detection as necessary, but it’s funded or prioritized more like it’s insurance. No one likes to pay insurance until after something bad happens. That’s why the meme below is so popular in security circles – it’s just so true.

Critical Infrastructure Is at Risk

The fact is, if you wait, you’re late. It’s that simple. In today’s world, it’s safer to assume you will be attacked than wonder if you will.

Far too often critical infrastructure providers such as water utilities are either not funded, or haven’t made it a priority to proactively take a post-breach approach to securing their networks. I was reading an article from the IWCE’s Urgent Communications and it summed up the situation nicely: “The harsh reality is that too many water utilities are stuck with antiquated systems and limited visibility into what’s happening in their operational technology (OT) environments.”

This is not to say everyone has this mentality. Many customers are trying to get ahead of the situation. One of the largest pharma companies in the world had a thorough audit done by a highly regarded consulting company and uncovered that one of their biggest gaps was network visibility – the most important step in cybersecurity. They embarked on a thorough research and evaluation process and are deploying Nozomi Networks to give them the visibility and security they need – before it’s too late.

Even in the case of Colonial Pipeline, the initial information available from the company and the press coverage seem to indicate that they had the processes in place to detect and contain this type of attack – before it had an opportunity to be exploited further and cause more damage. I’m sure there will be a financial impact from having to take systems offline for this containment, but imagine an attack where they didn’t have the systems and processes in place and they lost control of their business for an extended period of time. It would make the cost of proactively taking things offline look like a rounding error.

Don’t Delay: Adopt a Post-Breach Mindset Today

The industry is anxiously awaiting guidance and support/reinforcement from the federal government on how to protect critical infrastructure. Over the years, there has been a lot of talk about how defensive actions aren’t keeping pace with the attackers. It’s going to be imperative that there are some very prescriptive steps providers have to take before it’s too late. There needs to be a level of emphasis put on cybersecurity that we haven’t seen to date, or attacks like we saw on Colonial Pipeline and the Oldsmar Water Plant will be just the beginning. Funding, support and clear guidance will all play an important role in making sure our critical infrastructure is resilient and safe.

They say luck is when preparation meets opportunity. With today’s threat landscape getting broader and more sophisticated, if you adopt a post-breach mindset (without the impact of a breach), you will be extremely lucky.