Countering cyber attacks: What to do and what not to do
Effective steps to protect critical assets and step-up cybersecurity


In January 2022, Crypto.com, a leading cryptocurrency exchange, was attacked by cybercriminals who siphoned off roughly $18 million worth of Bitcoin, $15 million worth of Ethereum, and other cryptocurrencies. The attackers bypassed two-factor authentication and withdrew funds from nearly 500 customers' wallets. Later that year, in March, Microsoft was targeted by the Lapsus$ extortion group, which claimed to have compromised Microsoft products such as Bing and Cortana. Microsoft confirmed that only a single account had been compromised and that its response team had interrupted the intrusion in time. The company's security team was a step ahead because it had already stepped up its defenses, knowing that Lapsus$ had previously targeted Nvidia, Samsung, and many other companies.

Today, new threats are emerging faster than ever, driven in part by deepening geopolitical tension, rising inflation, unemployment, poverty, and food insecurity. According to the US Cyber Intelligence Division, cybercrime is high on the agenda of nation-states, corporations, and international organizations across the globe. Financial gain motivates 41% of breaches, while the human element, which includes insider threats, plays a part in 81% of them. So, how should you react if your business is under attack?

A leading provider of audit, tax, and security services has identified the following as an organization's crown jewels and urged that they be kept under the tightest controls to prevent unforeseen breaches:

● IT (information technology): network diagrams, system logs, and the network access directory

● OT (operational technology): system-configuration information, programmable logic controllers, and SCADA protocols

● Critical or management assets: internal strategy, executive and board communications, and customer and employee personal information

Most enterprises' OT-IT setups today still include legacy equipment that was never hardened against exposure to untrusted networks. Network-based controls such as firewalls are often configured to let IT traffic pass into the OT zone, which leaves the OT systems themselves exposed to anyone probing for vulnerabilities. Cybercriminals then exploit those vulnerabilities, along with flaws in VPNs (virtual private networks) and network-device software, to reach the plant floor. Periodic vulnerability scanning alone is therefore not the answer, and on OT networks active scanning can itself disrupt fragile controllers. What is needed is real-time threat detection and response that watches the IT-OT boundary continuously.
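One concrete form such boundary detection can take is a detector that reads the firewall's own flow logs and flags traffic the firewall allowed but that should never cross from IT or a VPN pool into the OT zone. The script below is an added example, not code from the original article or from Cybalt; the zone ranges, the allowlisted engineering workstation, the key=value log format and the log lines are all constructed for illustration, and the ICS port numbers are the well-known assignments for those protocols. It flags three things: an IT host speaking an industrial protocol to an OT asset, a VPN host reaching any OT asset, and a single source touching several distinct OT hosts (a sweep), counting denied probes too because a blocked probe is still reconnaissance.

```python
"""Detect IT-to-OT boundary crossings in firewall flow logs.

Added example, not code from the original article or from Cybalt.
Zone ranges, the allowlist, the log format and the log lines are all
constructed for illustration.
"""
import ipaddress
from collections import defaultdict, namedtuple

# Assumed zone layout: IT user network, remote-access VPN pool, OT cell network.
IT_NETS = [ipaddress.ip_network("10.10.0.0/16")]
VPN_NETS = [ipaddress.ip_network("172.16.0.0/16")]
OT_NETS = [ipaddress.ip_network("10.50.0.0/16")]

# Well-known industrial protocol ports.
ICS_PORTS = {
    102: "S7comm",        # Siemens S7 over ISO-TSAP
    502: "Modbus/TCP",
    20000: "DNP3",
    44818: "EtherNet/IP",
}

# (src, dst, dport) tuples that are expected, e.g. one engineering
# workstation programming one PLC. Assumed for this example.
ALLOWLIST = {("10.10.5.20", "10.50.1.10", 102)}

# Distinct OT hosts one source may touch before it is reported as a sweep.
SWEEP_THRESHOLD = 3

Flow = namedtuple("Flow", "ts src dst dport action")


def parse_line(line):
    """Parse a constructed key=value firewall log line into a Flow."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["ts"], fields["src"], fields["dst"],
                int(fields["dport"]), fields["action"])


def in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def classify(flow):
    """Return a finding for a single allowed flow into OT, or None."""
    if not in_nets(flow.dst, OT_NETS) or flow.action != "allow":
        return None
    if (flow.src, flow.dst, flow.dport) in ALLOWLIST:
        return None
    proto = ICS_PORTS.get(flow.dport)
    if in_nets(flow.src, VPN_NETS):
        # Remote-access users should never land directly on OT assets.
        return (f"{flow.ts} VPN host {flow.src} reached OT {flow.dst}:{flow.dport}"
                f" ({proto or 'non-ICS port'})")
    if in_nets(flow.src, IT_NETS) and proto:
        # Ordinary IT hosts have no business speaking ICS protocols.
        return f"{flow.ts} IT host {flow.src} spoke {proto} to OT {flow.dst}"
    return None


def scan(lines):
    """Run per-flow checks plus a sweep check over a batch of log lines."""
    findings = []
    ot_targets = defaultdict(set)  # src -> distinct OT hosts touched
    for line in lines:
        if not line.strip():
            continue
        flow = parse_line(line)
        finding = classify(flow)
        if finding:
            findings.append(finding)
        # Count denied attempts too: a blocked probe is still reconnaissance.
        if in_nets(flow.dst, OT_NETS) and not in_nets(flow.src, OT_NETS):
            ot_targets[flow.src].add(flow.dst)
    for src, hosts in ot_targets.items():
        if len(hosts) >= SWEEP_THRESHOLD:
            findings.append(f"possible OT sweep: {src} touched {len(hosts)} OT hosts")
    return findings


# Constructed sample log (not real traffic).
SAMPLE_LOG = """
ts=2022-03-01T10:00:00Z src=10.10.5.20 dst=10.50.1.10 dport=102 action=allow
ts=2022-03-01T10:00:01Z src=10.10.7.33 dst=10.50.1.10 dport=502 action=allow
ts=2022-03-01T10:00:02Z src=172.16.4.9 dst=10.50.1.11 dport=22 action=allow
ts=2022-03-01T10:00:03Z src=10.10.7.33 dst=10.50.1.12 dport=443 action=allow
ts=2022-03-01T10:00:04Z src=10.10.7.33 dst=10.50.1.13 dport=502 action=deny
ts=2022-03-01T10:00:05Z src=10.10.7.33 dst=10.50.1.14 dport=502 action=allow
""".strip().splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

On the sample log the allowlisted S7 session from the engineering workstation is silent, the two Modbus connections from the IT host and the VPN host's SSH into OT each produce a finding, and the IT host's four distinct OT targets trip the sweep rule. In production the same logic would sit on a streaming feed from the firewall or a passive tap rather than a batch of lines, and the allowlist would be derived from the asset inventory rather than hand-typed.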

Read this blog to learn more about what to do and what not to do when your business is warding off cyber risks.


Enterprises are hesitant to upgrade the OT environment because patching such high-availability systems requires adequate test or standby systems on which to validate patches before deployment, and they usually do not have them. Repeated workarounds, growing complexity, and the disruption risk that comes with newer technologies such as industrial IoT devices, cloud services, mobile industrial devices, and wireless networking only add to their woes.

According to our cybersecurity consultants, the best way for enterprises to secure their OT environment is to start from a careful assessment of their own operational challenges and process requirements. Several leading cybersecurity providers and incumbent original equipment manufacturers (OEMs) are developing new approaches, technologies, and strategies focused on protecting OT environments and the businesses that run them. Today's solutions typically combine those operational constraints with business goals to offer holistic cybersecurity.

Enterprises today also demand closer convergence of their IT and OT systems, usually discussed under the banner of the Industrial Internet of Things (IIoT). Before investing, protection and prevention strategies must span both the OT and the IT ecosystem and deeply integrate their security functions. Our cybersecurity experts suggest accomplishing this with a Security Operations Center (SOC) that covers both IT and OT, with documented escalation protocols and incident response plans for OT-specific attack scenarios. For instance, Caterpillar (CAT), a leading US machinery company, recently established an IIoT unit; by shipping industrial machinery with intelligent sensors and network connectivity, the company reports a 45% improvement in process optimization, monitoring, and overall production. Tesla, the American automotive and energy company, feeds IT-driven data into AI capabilities to grow its business: the company's autonomous vehicles can recharge their batteries on their own, and customers can monitor and control their vehicles from anywhere through their smartphones.

Another encouraging trend cited in recent studies is the establishment of architecture-review committees by businesses that rely on mature heavy industrial equipment. These committees vet new technologies and review modifications to existing ones. A second-line-of-defense team carries out information risk management (IRM), including strategy, compliance, and reporting, and many large corporations also maintain an independent internal audit function. These developments accompany a broader decentralization of heavy industry, which makes it necessary to integrate security into technology decisions not only across OT and IT but across all functions and business units.
