The Dangers Of Ransomware And IT-Born Attacks
Another big challenge goes beyond purely IoT-related security matters: ransomware attacks and other kinds of cyberattacks that originate in IT environments and can impact IoT devices and operational technology environments.
“Increasingly, ransomware is no longer a game of opportunistic infection but targeted activities against organizations that are in the critical infrastructure space and have the revenue and profitability to pay,” said Geyer, Claroty’s chief product officer.
A recent example includes the May 8 Darkside ransomware attack against Alpharetta, Ga.-based Colonial Pipeline, which jeopardized fuel access for more than 50 million Americans. Colonial reportedly paid a nearly $5 million ransom to Darkside to speed up the restoration process, but Colonial ended up using its own backups to restore its system because Darkside’s decryption tool was so slow.
In the case of Colonial, the company was reportedly hacked through an inactive account that didn’t use multifactor authentication for a virtual private network.
To Geyer and other security professionals, this underlines the fact that IT and OT operators need to think more holistically about the security of all their assets rather than treating different types of assets, like IoT devices, as separate categories that operate in their own silos.
“Because hackers are just going to look for the weakest link to cause damage to the enterprise,” he said.
While there is no silver bullet for preventing ransomware and other kinds of attacks, Geyer said, organizations should take a multi-layered approach to security to reduce the chance of successful attacks. That means getting full visibility of the network as well as setting up threat detection services, firewalls, network access control and other kinds of security technologies. It also means training employees on best security practices, such as being judicious with links and attachments in emails.
“The digitization of everything means that there’s opportunities, if [devices are] not properly coded, to get access into the environment, which is why it takes a multi-layered approach,” Geyer said.
Geyer said good policymaking also has a role to play. As an example, he pointed to President Joe Biden’s May 12 cybersecurity executive order that includes a section dedicated to improving the security of software supply chains used by the federal government.
“Your first glance might be, ‘well, this is only about securing the federal government,’ but if you think about it, if every organization that provides software to the federal government — and there’s callout for IoT in there as well — has to have auditability, has to provide transparency, that same software is used by businesses and home users around the world,” Geyer said. “And so the trickle-down effect of that executive order should help ensure that there’s more diligence by organizations on securing the software that provides an entry point to so many attackers.”