The remote access genie is out of the bottle and the longer it’s on the loose, the harder it’s going to be to put it back in. While many employees like their new-found flexibility, it’s created OT system security headaches for CISOs. Let’s take a look at workplace changes happening around the world, and how organizations can maintain security during these unprecedented times.
COVID-19 has forced organizations to rethink traditional work environments, and many employees are loving it. No more long commutes or missing work to look after sick family members, and they can put in a load of laundry over the lunch hour.
The Expanding Remote Workforce – Is it Here to Stay?
Whether you call it smartwork or homework, it’s a trend that’s likely to stick around. Research by Eurostat showed that in 2018, only 3.6% of working Italians did so from home.1 A March 2020 Forbes article estimated that the number of Italian employees working remotely soared to 62% (8 out of 13 million), due to the pandemic.2
In the United States, pre-coronavirus, 3.6% of employees worked from home half or more of the time, while 80% would prefer to work remotely at least sometimes.3 Just across the border, a March 2020 poll by Statistics Canada found that 4.7 million more people started working remotely that month, and 65% of those surveyed hoped to continue to do so after the pandemic is over.4
Fortunately, many employers are seeing the benefits of a remote work environment too. In a recent forecast, Global Workplace Analytics predicted that by 2022, 25-30% of the workforce will be working remotely multiple days a week.5
Remote Access Creates OT System Security Challenges for CISOs
Sounds great for employees, but all is not all so rosy for employers. The chief information security officers (CISOs) responsible for the resilience of OT systems now face an even greater dilemma: how do they keep these critical systems running 24/7 when employees are encouraged or mandated to work from home, and are highly dependent on secure connectivity to function normally?
Much of the answer lies in opening up systems that are traditionally closed to the outside world to allow for remote management. To achieve this, CISOs need to balance safety, productivity and cybersecurity risk. Even the slightest oversight can open the door to cyber risks, and potentially cause harm to employees, company reputation, revenue, and much more.
The large number of open connections from remote workers back to the enterprise or operational technology (OT) systems introduces cyber risks. Some corporate leaders may not be prioritizing cybersecurity as they scramble to keep their businesses running; not realizing that threat activities carry on – and are sometimes even heightened – during times of crisis.
In Singapore for example, online home-based learning was disrupted when hackers hijacked the platform to display obscene images to students. Imagine if these threat actors were to successfully target the OT systems of essential services like power grids, water supply, transportation or manufacturing. The impact could be catastrophic.
Pandemic-Related Ransomware: Preventing Disruption to OT
In 2017, one of the most notorious ransomware threats – NotPetya – crippled sectors such as energy, oil and gas, logistics, pharmaceutical, and manufacturing. Ultimately, over $10 billion dollars in damages were reported. What made NotPetya different from typical cyberattacks that occurred in the past decade was that it targeted physical assets in industrial and critical infrastructure systems.
Ransomware incidents impacting OT are ongoing. The spread of Snake ransomware in January 2020 continues to draw attention because it is extremely difficult to recover from without paying the attackers. What makes Snake so formidable is that it employs obfuscation, and then kills processes specific to industrial software found in OT networks before file encryption begins. This method isn’t typically used in ransomware. The impact is significant because it disrupts operation by hindering engineers from accessing vital production-related processes.
To make matters worse, highly skilled threat actors are employing second stage techniques to increase the severity of attacks. For example, a cybercriminal may first gain privileged access to a network by exploiting vulnerabilities or via credential theft. This allows the attacker to then study and learn the environment before deploying ransomware directly to key operational assets. With remote access accelerating, organizations with industrial control systems (ICS) networks must be even more vigilant.
Planning for a Post-pandemic Recovery
To maintain resilience during COVID-19, we encourage organizations to include both IT and OT teams in cybersecurity planning.
Here are some of our recommendations to strengthen an organization’s security posture exposed by the sudden increase of employees working from home:
- Increase visibility into the OT environment by using passive traffic monitoring to identify and baseline critical assets and operational states
- Bolster detection capabilities with anomaly detection technology in IT and OT environments
- Apply a healthcheck to network infrastructure and ensure correct network segregation and firewall policies are in place
- Ensure all devices and services are patched. It’s also important to shorten patch cycles, particularly for those that protect remote infrastructure. Where appropriate, use virtual patching to complement existing patching processes until a permanent patch can be conducted
- Deploy a resilient backup policy that supports quick access to impacted files
- Perform asset hardening to disable services used by ransomware for propagation
COVID-19 has brought wave after wave of personal and business challenges, and we will likely feel its repercussions for some time. It’s never been more important for organizations to prioritize OT and IoT cybersecurity and mitigate risk in order to recover and succeed in the post-pandemic era.
Addressing Your Remote Access Security Challenges
The remote access genie is out of the bottle and it won’t be going back in any time soon. To help you with the operational challenges it creates for OT and IoT systems, Nozomi Networks provides a powerful security and visibility toolkit, including asset and threat intelligence subscriptions and add-ons like Smart Polling and Remote Collectors that can be deployed quickly and easily.
If you’d like to find out more about how we can help, let us know.
Sources
- How usual is it to work from home?
- Italy Working Remotely During Lockdown Gets A Preview Of The Future Of Energy
- Latest Work-At-Home/Telecommuting/Mobile Work/Remote Work Statistics
- Nearly 5 million more Canadians are working from home, and many like it: surveys
- Work-At-Home After Covid-19—Our Forecast
