What does a cyberattack really cost? Key insights to mitigate impact to your OT network.
Experts from OT-ISAC, the Cyber Security Agency of Singapore, and Claroty—along with Admiral (Ret.) Michael S. Rogers, Team8 Advisor and the Chairman of Claroty’s Board of Advisors—came together for an engaging conversation on the implications of recent cyberattacks on OT networks and key efforts to improve OT cybersecurity posture against these threats. Part of the OT-ISAC Digital Series, the discussion on “Cyberattack Implications on OT Networks” covered a range of topics, including:
Below are just a few of the key takeaways from the session.
Ransomware has evolved from a nuisance to a serious threat because there is no lack of victims, attackers can reuse techniques with great success, and it’s a direct line to profits. Recently, we’ve seen increased diversity and variety in the nature and objective of attacks. The attacks on Colonial Pipeline and JBS Foods were primarily focused on getting ransom. However, the SolarWinds supply chain attack included the ability to beacon out to command-and-control servers and exfiltrate data from certain victims. And the attack against the Oldsmar water-treatment facility is widely viewed as an attempt to poison the water supply. Ransomware campaigns and the threat actors behind them are large, well-funded, and prolific, making it impossible for individual companies to address this issue on their own. And legislation to make ransomware payments illegal won’t eliminate this rampant and increasingly destructive threat either. Ransomware is here to stay, so we must come up with approaches and solutions we can sustain over time. Which leads to the next two takeaways: the need for collaboration and building resilience.
Many of the critical functions that underpin our way of life are provided by individual companies. Protecting them requires an ecosystem of stakeholders that includes public and private sector entities, working together to address ransomware across its entire lifecycle, from the initial attack to the disruption to the payment system to education and awareness. The private sector brings much of the technology and innovation to strengthen defenses and build resilience, while government has visibility into the cascading effects and interdependencies of such attacks, as well as the means to incentivize behaviors that will help drive the collaboration needed to address ransomware. For example, by changing tax laws, mandating timely reporting, and removing liability concerns for those who report attacks, we can encourage information sharing and change the dynamics. When we can share learnings from each incident quickly and apply those lessons to strengthen defenses and build resilience, we can prevent adversaries from continuing to use the techniques with success. Tapping into the capabilities and advantages each party in the ecosystem brings, and collaborating to create a shared vision and holistic plan, will lead to better outcomes.
Organizations lack visibility and confidence to make the best decisions – we can change this.
There’s a tendency for organizations to make decisions on how to respond to an attack based on what they do not know, rather than what they do know. For instance, an organization may shut down operations out of an abundance of caution, without any information to indicate that the OT network has been directly affected. These decisions are often driven by a lack of visibility and understanding of the organization’s level of exposure and limited confidence in their ability to mitigate the impact to the OT network. Most organizations are aware that adequate backup systems and recovery plans are essential for building resilience to ransomware attacks. However, visibility into impacted systems and the other systems that depend on them – financial, billing, OT, and others – is also important to understand exposure so you can make better decisions about what actions to take.
To build confidence in the ability to mitigate the impact to the OT network, panelists recommend the following industrial cybersecurity capabilities:
For further insights from this fascinating and open discussion, we encourage you to watch the webinar on demand.