Protect Your Castle: Securing Operational Technology Against Today’s Threats

When malicious actors eye your organization’s network, they are looking for any way in. Even the slightest crack in the armor could allow them to strike and cause irreparable damage. As the use of operational technology (OT) has skyrocketed in the past several years, attackers have identified vulnerabilities that could give them that opportunity, taking advantage of poorly protected devices and systems.

We’ve seen financial organizations fall victim again and again. ATM malware-as-a-service attacks entered the scene last year, and as a result, security breaches have become routine. It’s no longer a matter of if your network will be breached, but when.

The increasing reliance on OT and rise in interconnected devices within financial services, such as ATMs and surveillance cameras, delivers big benefits in the form of improved customer service, safety and efficiency. But at what risk? The same devices that were put in place to enhance operations and improve the speed of business are creating new entry points for hackers and posing serious threats to an organization’s sensitive information.

The challenge in mitigating the risk associated with OT is that each device is unique — aggregating information and communicating with the network differently. Therefore, creating and applying a broad-sweep security policy for OT isn’t the answer. Nor is it as simple as applying IT practices to OT systems.

Since actors are constantly evolving their attack methods, focusing security efforts on identifying and eradicating the attack vector is an uphill — and costly — battle that you will likely never win. The best and most efficient way to eliminate vulnerability crossover between OT and IT is to emphasize isolation and containment of critical assets, to eliminate any avenue of entry for hackers.

Build and Protect Your Castle

The concept of a Defense in Depth methodology for network security is nothing new. Dubbed the “Castle Approach,” this strategy focuses on establishing multiple layers of security controls throughout your IT infrastructure, similar to how castles were built centuries ago, with moats, walls and other nearly impenetrable barriers against intruders. Rather than investing only in a team of guardsmen to identify and eliminate intruders, doesn’t it make more sense to invest in guards as well as a drawbridge and a moat? This kind of multi-layer approach isolates your important information from the outside world and creates the best defense against lateral attacks from hackers looking to breach your system through an OT device.

Network Segmentation is a Must

As IoT has gained momentum in the business world, the idea that all aspects of a network should be connected has become relatively standard practice. The reality, however, is that not every device needs to communicate with the core network or the internet, and some level of segmentation should still be in place. There are certain parts of your business, like internal accounting records or customers’ personal identification information (PII), that have no reason to be visible to the rest of the world and therefore should not be connected to even a well-defined perimeter. For those devices that do need to be connected, a degree of separation should be implemented to keep them apart from core operations.

Adopting a Defense in Depth approach means taking network segmentation seriously — essentially making IT and OT undiscoverable from each other. By completely isolating the OT that supports enterprise operations (which was likely never intended to be publicly accessible) you simultaneously protect OT from vulnerabilities inherent in an IT environment.

A Defense in Depth Strategy Extends Beyond IT

Creating and implementing a Defense in Depth strategy cannot fall squarely on the IT department. A commitment to improved cybersecurity hygiene has to start from the top, with board and C-level executives actively engaging with IT on cyber security to better understand what’s being done today and where improvements should be made. When leadership and IT partner to improve your company’s security posture, executives can trust IT to make smart and needed security investments and, in turn, IT can trust that leadership will support it.

While adopting a Defense in Depth approach to your infrastructure is not a turnkey solution, it is the best way to protect your most valuable data and your customers’ sensitive information. By isolating your financial services infrastructure from your IT environment, you get the ultimate defense for a more secure network.
