It seems like every day we’re reading about cybersecurity breaches and cyberattacks on critical infrastructure around the world. What used to be a once-or-twice-a-year occurrence 10 years ago now seems to be the new everyday normal. And that’s just what we see in terms of what’s being reported. It does not include the attacks that happen and are handled under the radar.
Every time there’s an attack such as the recent ransomware attack on Colonial Pipeline, industry experts and vendors scramble to share thoughts on what could have been done to thwart the attack, or what the impact of a breach could mean. Companies and organizations need to reset themselves to have a post-breach mindset, pre-breach.
At Nozomi Networks, many of our urgent engagements happen after an attack, when the customer realizes they didn’t have the visibility into their networks to see the malicious behavior ahead of a breach. They have typically viewed visibility and detection as necessary, but fund or prioritize them more like insurance. No one likes to pay insurance until after something bad happens. That’s why the meme below is so popular in security circles – it’s just so true.
To protect operational resilience, don’t wait until after a breach to improve cybersecurity.
Critical Infrastructure Is at Risk
The fact is, if you wait, you’re late. It’s that simple. In today’s world, it’s safer to assume you will be attacked than wonder if you will.
Far too often critical infrastructure providers such as water utilities are either not funded, or haven’t made it a priority to proactively take a post-breach approach to securing their networks. I was reading an article from the IWCE’s Urgent Communications and it summed up the situation nicely: “The harsh reality is that too many water utilities are stuck with antiquated systems and limited visibility into what’s happening in their operational technology (OT) environments.”
This is not to say everyone has this mentality. Many customers are trying to get ahead of the situation. One of the largest pharma companies in the world had a thorough audit done by a highly regarded consulting company and uncovered that one of their biggest gaps was network visibility – the most important step in cybersecurity. They embarked on a thorough research and evaluation process and are deploying Nozomi Networks to give them the visibility and security they need – before it’s too late.
Even in the case of Colonial Pipeline, the initial information available from the company and the press coverage seem to indicate that they had the processes in place to detect and contain this type of attack – before it had an opportunity to be exploited further and cause more damage. I’m sure there will be a financial impact for having to take systems offline in this containment, but imagine an attack where they didn’t have the systems and processes in place and they lost control of their business for an extended period of time. It would make the cost of proactively taking things offline look like a rounding error.
Don’t Delay: Adopt a Post-Breach Mindset Today
The industry is anxiously awaiting guidance and support/reinforcement from the federal government on how to protect critical infrastructure. Over the years, there has been a lot of talk about how actions aren’t catching up with the attackers. It’s going to be imperative that there are some very prescriptive steps providers have to take before it’s too late. There needs to be a level of emphasis put on cybersecurity that we haven’t seen to date, or attacks like we saw on Colonial Pipeline and the Oldsmar Water Plant will be just the beginning. Funding, support and clear guidance will all play an important role in making sure our critical infrastructure is resilient and safe.
They say luck is when preparation meets opportunity. With today’s threat landscape getting broader and more sophisticated, if you adopt a post-breach mindset (without the impact of a breach), you will be extremely lucky.
Armed with an outstanding track record of matching technical capabilities to market needs, Edgard Capdevielle has been a rainmaker in security, data center and cloud storage for many years. He is often invited to share his unique insights as a keynote speaker and panelist at industry and cybersecurity conferences worldwide. As CEO of Nozomi Networks, Edgard is deeply committed to protecting our critical infrastructure from escalating threats, and helping industrial organizations address their complex network visibility and cybersecurity challenges.