OT Archives - My TechDecisions
https://mytechdecisions.com/tag/ot/
The end user’s first and last stop for making technology decisions

Rising Ransomware, Supply Chain Disruptions & Geopolitical Issues Complicate Cybersecurity
https://mytechdecisions.com/it-infrastructure/txone-networks-research-ransomware-supply-chain-geopolitical-issues-complicate-cybersecurity/
Tue, 20 Feb 2024 20:15:15 +0000

Cyber-physical systems security provider TXOne Networks recently published its 2023 annual report detailing a growing range of cybersecurity issues facing global industries.

The Crisis of Convergence: OT/ICS Cybersecurity 2023, which is available for free download, “details diverse intensifying challenges, including growth in attacks via Ransomware-as-a-Service (RaaS) models, exploitation of supply chain vulnerabilities and prevalence of state-sponsored hackers and other politically motivated actors in the wake of geopolitical issues,” according to the company announcement.

TXOne Networks surveyed 405 key information technology (IT) and operational technology (OT) security decision-makers from across multiple global markets and sectors including automotive, pharmaceuticals and biotechnology, chemical, general manufacturing, oil and gas and transportation in September 2023.

The Crisis of Convergence: OT/ICS Cybersecurity 2023 “distills the survey findings, alongside extensive TXOne Networks threat research from 545 cybersecurity incidents around the world in 2023,” according to the company announcement.

“The threat landscape has intensified significantly in the industrial manufacturing and critical infrastructure sectors, leading to destructive events, economic losses, and potential risks to human safety,” reads the TXOne Networks report, which was produced in collaboration with Frost & Sullivan.

“Organizations emphasize the protection of critical OT assets as a top priority, with data security being a key investment area within their OT security budget allocations,” the report says. “Organizations are also seeking to invest in strengthening the resilience of their technological infrastructure and are turning to innovative approaches like Cyber-Physical Systems Detection and Response (CPSDR), which integrates OT expertise across various domains.

“This enhances OT security posture and resilience against evolving threats, enabling organizations to better protect their operations and ensure resilience in the face of a constantly changing threat environment,” according to the report.

More About the TXOne Networks Cybersecurity Report

The Crisis of Convergence: OT/ICS Cybersecurity 2023 explores a range of topics relevant to contemporary OT/ICS cybersecurity:

  • Ransomware threats
  • OT system maintenance and Information Technology (IT) integration concerns
  • Nation-state cyberattacks and implications
  • Dedicated teams for OT and Industrial Control System (ICS) security management
  • OT/ICS cybersecurity investment
  • New regulations and standards propelling OT/ICS defense
  • Supply-chain integrity

“The Crisis of Convergence: OT/ICS Cybersecurity 2023 is the result of a thorough research and technical analysis that is aimed at delivering up-to-date insights into the global threat landscape and the tactics that malicious actors employ to launch attacks,” says Terence Liu, chief executive officer (CEO) of TXOne Networks, in the announcement.

“The findings are clear,” he says. “Organizations must move well beyond regulatory compliance in their OT/ICS cybersecurity strategies if they are to successfully adapt for the constantly evolving threat.

“Safeguarding the availability, reliability and security of revenue-generating operations will depend on new governance structures, enhanced team and technical capabilities, integration of advanced threat detection and response into cybersecurity frameworks and risk management across the supply chain,” says Liu.


Another version of this article originally appeared on our sister-site Security Sales & Integration on February 16, 2024. It has since been updated for My TechDecisions’ audience.

Microsoft Launches Defender for IoT Cloud-Managed Platform
https://mytechdecisions.com/network-security/microsoft-defender-iot-cloud-platform/
Mon, 20 Mar 2023 19:47:58 +0000

Microsoft is launching the general availability of Microsoft Defender for IoT cloud-managed platform designed to let businesses connect their operational technology (OT) environment without compromising their security.

According to the Redmond, Wash. tech giant, Defender for IoT helps organizations manage assets, track emerging threats and control risks across enterprise and mission-critical networks in both connected and air-gapped environments.

In a blog, Microsoft says cloud-powered IoT and OT security solutions offer advantages over traditional solutions, including end-to-end asset discovery, real-time threat detection and response, defense against known and unknown threats, compliance reports, and workflows and integrations that leverage the cloud.

The solution also helps organizations solve OT security issues faster by unifying the security operations center (SOC) for both IT and OT assets, the company says.

“With Microsoft Defender for IoT, you can achieve faster time-to-value, improve agility and scalability, increase visibility, and strengthen the resiliency of your network and infrastructure without making significant changes,” Microsoft IoT and OT security experts write in a blog. “The Defender for IoT cloud is designed to augment your on-premises processing power while providing a source of centralized management for global security teams—raising the bar for OT defense.”

The company gives one scenario showing how Defender for IoT works: a new vulnerability is published with information that could impact an organization’s OT devices, and threat actors are currently trying to exploit the bug.

“With Microsoft Threat Intelligence, the new CVE is ingested automatically and shared across our cloud-based security services, including Defender for IoT,” the company says.

Organizations can use the Microsoft Azure Portal to monitor for the new vulnerability across all devices and sites, resulting in a faster response time to secure IoT and OT environments.

Other scenarios where security professionals can benefit from Defender for IoT include OT security and compliance audits, attack surface reduction consulting and tabletop exercises, the company says.

The Defender for IoT solution also includes a new device inventory feature that allows SOCs to manage OT devices through the Microsoft Azure Portal. The feature supports unlimited data sources, including manufacturer, type, serial number, firmware, and more, helping organizations gain a complete picture of their IoT and OT assets to address any vulnerabilities.

In addition, Defender for IoT integrates with Microsoft Sentinel to provide security information and event management for both OT and IT environments, and the solution also shares threat data with Microsoft 365 Defender, Microsoft Defender for Cloud and other products like Splunk, IBM QRadar and ServiceNow, Microsoft says.

Palo Alto Networks Launches Zero Trust OT Security Solution
https://mytechdecisions.com/network-security/palo-alto-networks-launches-zero-trust-ot-security-solution/
Mon, 27 Feb 2023 18:34:56 +0000

Cybersecurity firm Palo Alto Networks is launching a new Zero Trust security solution for operational technology designed to help industrial organizations easily secure systems without having to deploy additional sensors.

The Santa Clara, Calif.-based company’s Zero Trust OT Security solution is highlighted by the new cloud-delivered Industrial OT Security service that can be enabled — without the need to install additional sensors — by any of the 61,000-plus active customers of Palo Alto Networks network security products: hardware and software Next-Generation Firewalls (NGFW) and Prisma SASE, the company says.

The solution is built on an AI-powered foundation designed to make it easy to deploy and enable customers to secure OT environments from sophisticated threats while simplifying operations, according to a press release.

“Most OT security solutions in the market fall short because they can’t identify all the assets and can only alert but don’t prevent threats. This leads to a patchwork of siloed security technologies, which can lead to security gaps,” says Anand Oswal, senior vice president of network security at Palo Alto Networks. “Our OT Security solution is designed to help organizations stay secure through granular visibility and effective inline security while meeting their availability and uptime requirements.”

According to the company, the solution uses an ML-powered OT visibility engine that recognizes hundreds of unique OT device profiles and over 1,000 OT/Industrial Control System applications, and has hundreds of distinct OT threat signatures to help protect hard-to-secure assets.

The service helps security teams proactively understand risk and apply controls, and it continuously observes, categorizes and visualizes asset behavior so anomalies can be discovered immediately and addressed with firewall policy, the company says.

According to Palo Alto Networks, the Zero Trust OT Security solution secures multiple OT use cases with consistent Zero Trust policies, all managed centrally:

  • OT assets and networks using Palo Alto Networks NGFWs, along with the new Industrial OT Security service.
  • Remote access using Prisma SASE.
  • 5G-connected devices using NGFWs with Palo Alto Networks 5G-Native Security.

The Zero Trust OT Security solution and service will be available next month.

This Week in IT: DevSecOps, OT Security, SMB Tech Spending, Gartner’s IT Conference
https://mytechdecisions.com/news-1/this-week-in-it-devsecops-ot-security-smb-tech-spending-gartners-it-conference/
Thu, 22 Sep 2022 19:01:59 +0000

Editor’s note: There is a lot going on in the world of IT, from emerging technologies to digital transformation and new cybersecurity threats. However, we can’t possibly cover it all, so we’ll bring you This Week in IT, a curated summary of IT and enterprise technology stories each week.

The difficulties of vulnerability management in DevSecOps

New research from vulnerability management platform company Rezilion shows that 66% of organizations are dealing with a massive backlog of vulnerabilities, with 66% saying their backlog consists of more than 100,000 security bugs. Further, more than three-quarters of respondents say detecting and remediating just one vulnerability takes at least 21 minutes, and 80% say their organizations spend more than 16 minutes to detect just one bug in production.

Read Rezilion’s report on vulnerability management in DevSecOps.

CISA, NSA publish advisory on operational technology and industrial control system defense

The U.S. Cybersecurity and Infrastructure Agency along with the National Security Agency have issued an advisory about control system defense for operational technology and industrial control systems to give owners and operators an understanding of tactics, techniques and procedures used by threat actors. The information builds on previous guidance released in 2021 and 2020.

The agencies say the advisory is designed to help secure critical infrastructure and protect assets from cyberattacks, including from nation-state groups and others that target these systems to achieve political gains, economic advantages or destructive effects.

Read the joint advisory.

SMBs investing in tech to support innovation

A new report from CompTIA shows that U.S. small and mid-sized businesses are shifting their tech investment strategies and are hiring skilled tech workers to drive innovation. The study shows that 28% of SMBs want to spend on tech that boosts innovation, compared with just 19% in 2021. Further, 39% want to hire additional tech staff this year, compared to just 25% that said the same in 2021.

About half of SMBs surveyed say their tech spending level is just right, 22% say it’s too high, and a quarter don’t believe they’re spending enough on tech.

Read more about SMB tech spending.

Gartner IT Symposium/Xpo set for next month

The Gartner IT Symposium/Xpo will be held Oct. 17-20 at the Walt Disney World Swan and Dolphin Resort. The IT research giant says over 8,000 CIOs and IT leaders will attend the four-day conference to hear from over 140 Gartner experts and 185 solution providers in more than 500 sessions. Keynotes will include:

  • Julie Sweet, Chair and CEO, Accenture
  • General David H. Petraeus, Director, CIA (2011-2012), Commander of U.S. and International Security Assistance Forces-Afghanistan (2010-2011); Partner, KKR
  • Mike Krzyzewski, Head Men’s Basketball Coach, Duke University (1980 – 2022)
  • Nicole Malachowski, First Woman Thunderbird Pilot; Combat Veteran, Fighter Squadron Commander; White House Fellow and Adviser
  • Emmanuel Acho, NYT Bestselling Author, Emmy Award Winner, Host & Fox Sports Analyst

Learn more about Gartner’s event.

8 Easy Ways to Fortify Operations from Cyber Threats with Technology You Already Have
https://mytechdecisions.com/it-infrastructure/eight-easy-ways-to-fortify-operations-from-cyber-threats-with-technology-you-already-have/
Fri, 13 May 2022 13:00:35 +0000

If you thought cybersecurity couldn’t become more of a priority, think again. Belligerent nation-states and other bad actors are expected to launch a concerted effort to steal trade secrets, disrupt services, and execute malicious programs intended to cause infrastructure outages, damages, and worse. One study found a 100% increase in nation-state incidents from 2017 to 2020. And if that’s not nerve-wracking enough, we are still dealing with security threats from ransomware, malware and the like.

In today’s interconnected world, anyone and any organization could be a target. That includes operational technology (OT) in the industrial space – a market that has a plethora of soft targets. Unsupported PCs, flat networks with little thought given to security, and old model programmable logic controllers (PLCs) – industrial computers adapted to control the manufacturing process for things such as assembly lines and machines – are ripe for adversaries to compromise, especially as OT and IT converge.

As these OT components go from being stand-alone, independently operated pieces of equipment to being connected to IT networks (hello IoT!), these endpoints have become susceptible entry points for hackers. Unlike other scenarios where hackers are after compromised information or data, those targeting industrial environments are often seeking to cause chaos. These attacks on OT have the potential to cause physical harm, posing big risks to both public and employee safety. Gartner offers a grim prediction for just how quickly these types of cyber threats could be weaponized.

The good news, however, is that there are practical things that can be done – with infrastructure already in place – to fortify OT/IT operations. Here are eight things organizations can do today to help put themselves and others out of harm’s way. The first four are obvious, and the second set less so, but all help ensure companies can take advantage of security features and best practices from existing investments with no further spend required.

First Four: Obvious, but proven

1. Update passwords. Simple, yet incredibly effective. Take it a step further and set up a schedule to consistently reset passwords for maximum benefit.

2. Protect and keep current user accounts. Leverage your existing Active Directory to manage permissions and controls. For example, when employees leave the company or move to different departments within the organization, their permissions should be revoked or adjusted accordingly. In tandem, user accounts should be periodically reviewed to make sure the correct access controls are in place.

3. Separate administrators from operators. Admin accounts should always be closely guarded, and operators should not be able to make inappropriate system changes. Often these happen by accident, as human error plays a role, but the impacts can be widely felt. Separating these two groups minimizes accidental system changes.

4. Segment the network. You have the flexibility to determine how to break down your network into smaller pieces. Doing so is an easy way to add a layer of security to your system and to isolate events. This can also come with an added benefit of improved performance.

Second Four: A layered approach

5. Consider 802.1x port security and disable unused ports. With 802.1x, clients must authenticate through the network when connecting. This means any rogue devices present on the network will not be able to connect and garner unauthorized access. Disabling any unused ports works the same way and prevents unauthorized devices from being plugged in to the network.

6. Save configuration backups offline. Any devices on the system that can have a saved configuration file should have current and prior versions saved in an offline location. In the case of a cyber incident or hardware replacement, those saved configurations can save you a lot of time as you get things back up and running.

7. Disable unused services. Notice a pattern here? It’s important to be proactive so that anything that’s not being used is disabled to prevent unauthorized access. Taking advantage of unused services is a common way for hackers to access a network. Reduce your risk by simply turning them off.

8. Reassign native VLANs. Just like network segmentation, reassigning native VLANs is another opportunity to layer on additional security with equipment that would already be in your system.

The union of IT and OT allows access to data and control that was previously unattainable – and with it comes an increased attack surface for cybersecurity threats. By deploying the eight best practices outlined above, organizations can quickly take steps to help harden their infrastructure and reduce the opportunity for hackers to wreak havoc, all without spending additional dollars on cybersecurity infrastructure.

This piece was written by Matt Powers, vice president of global technology & support services at Wesco International.

Just 42% Of Security Pros Can Detect IoT, OT Vulnerabilities
https://mytechdecisions.com/it-infrastructure/just-42-of-security-pros-can-detect-iot-ot-vulnerabilities/
Thu, 09 Dec 2021 18:16:23 +0000

According to a new Microsoft study in conjunction with the Ponemon Institute, the Internet of Things and new innovations in operational technology are becoming critical for business, but are simultaneously increasing an organization’s cyber risk.

Researchers surveyed more than 600 IT, cybersecurity and OT security experts across the U.S., and found that many organizations are making significant investments in the Internet of Things (IoT) and operational technology (OT), but aren’t updating their security policies to apply to those investments.

The survey shows that 68% of respondents say senior management believes IoT and OT are critical to supporting business innovation and strategic goals, and 65% say senior managers are making IoT and OT projects a priority.

Meanwhile, a disappointing number said their organizations proceeded with caution due to cybersecurity concerns. According to the research, just 31% of IT security practitioners have slowed, limited, or stopped the adoption of IoT and OT projects due to security concerns.

However, a majority of respondents recognize the security pitfalls of IoT and OT, as 55% say those devices were not designed with security in mind, and 60% say those technologies are the least secure of their technology infrastructure.

“Based on the data, it appears that business interests are currently taking priority over the increased security risks that organizations assume, as they advance their IoT and OT projects,” reads a Microsoft blog on the study. “This puts security and risk leaders in a difficult place and explains why IoT and cyber-physical systems security has become their top concern for the next three to five years.”

The research also showed that IoT and OT devices are increasingly directly connected to the internet, making them targets that can be breached from outside the organization. According to the research, 51% of OT networks are connected to corporate IT networks like SAP and remote access. These devices are no longer segmented away from corporate networks, and Microsoft calls on IT teams to move away from those legacy assumptions.

Meanwhile, 88% of respondents say their organization’s IoT devices are connected to the internet for things like cloud printing services, and 56% say OT devices are connected to the internet for remote access and other purposes.

The threat of IoT and OT devices being compromised has garnered much attention recently, but it is very real, according to the research, as nearly 40% of respondents said they’ve experienced an attack where IoT or OT devices were the actual target or used to conduct broader attacks.

However, securing IoT and OT devices is a challenge, the research shows, as just 29% of respondents have a complete inventory of those devices.

Those that do have a complete inventory have a lot on their hands, as the average number of IoT and OT devices is nearly 9,700. Even more alarming is that 42% say they don’t have the ability to detect vulnerabilities on those devices, and 64% expressed having a low or average level of confidence that those devices are patched and up to date.

When it comes to threat detection, technology experts are having a hard time determining if an IoT device is compromised, as 61% have low or average confidence in their ability to do so.

In the blog, Microsoft points IT security leaders to its newly announced features for Microsoft Defender for IoT. Announced during the company’s Ignite conference last month, the tool now features agentless monitoring capabilities to help secure IoT devices connected to IT networks including VoIP, printers and smart TVs.

Read the company’s blog for more information on the product and how to secure OT and IoT devices.
