Protect Your Castle: Securing Operational Technology Against Today’s Threats

When malicious actors eye your organization’s network, they are looking for any way in. Even the slightest crack in the armor could allow them to strike and cause irreparable damage. As the use of operational technology (OT) has skyrocketed in the past several years, attackers have identified vulnerabilities that could give them that opportunity, taking advantage of poorly protected devices and systems.

We’ve seen financial organizations fall victim again and again. ATM malware-as-a-service attacks entered the scene last year and as a result security breaches have become routine. It’s no longer a matter of if your network will be breached, but when.

The increasing reliance on OT and rise in interconnected devices within financial services, such as ATMs and surveillance cameras, delivers big benefits in the form of improved customer service, safety and efficiency. But at what risk? The same devices that were put in place to enhance operations and improve the speed of business are creating new entry points for hackers and posing serious threats to an organization’s sensitive information.

The challenge in mitigating the risk associated with OT is that each device is unique — aggregating information and communicating with the network differently. Therefore, creating and applying a broad-sweep security policy for OT isn’t the answer. Nor is it as simple as applying IT practices to OT systems.

Since actors are constantly evolving their attack methods, focusing security efforts on identifying and eradicating the attack vector is an uphill — and costly — battle that you will likely never win. The best and most efficient way to eliminate vulnerability crossover between OT and IT is to emphasize isolation and containment of critical assets, to eliminate any avenue of entry for hackers.

Build and Protect Your Castle

The concept of a Defense in Depth methodology for network security is nothing new. Dubbed the “Castle Approach,” this strategy focuses on establishing multiple layers of security controls throughout your IT infrastructure, similar to how castles were built centuries ago, with moats, walls and other nearly impenetrable barriers against intruders. Rather than investing in a team of guardsmen to identify and eliminate intruders, doesn’t it make more sense invest in guards as well as a drawbridge and a moat? This kind of multi-layer approach isolates your important information from the outside world, and creates the best defense against lateral attacks from hackers looking to breach your system through an OT device.

Network Segmentation is a Must

As IoT has gained momentum in the business world, the idea that all aspects of a network should be connected has become relatively standard practice. The reality however, is that not every device needs to communicate with the core network or the internet and some level of segmentation should still be in place. There are certain parts of your business, like internal accounting records or customers’ personal identification information (PII), that have no reason to be visible to the rest of the world and therefore should not be connected to even a well-defined perimeter. For those devices that do need to be connected, a degree of separation should be implemented to separate them from core operations.

Adopting a Defense in Depth approach means taking network segmentation seriously — essentially making IT and OT undiscoverable from each other. By completely isolating the OT that supports enterprise operations (which was likely never intended to be publicly accessible) you simultaneously protect OT from vulnerabilities inherent in an IT environment.

A Defense in Depth Strategy Extends Beyond IT

Creating and implementing a Defense in Depth strategy cannot fall squarely on the IT department. A commitment to improved cybersecurity hygiene has to start from the top, with board and C-level executives making cyber security actively engaging with IT to better understand what’s being done today and where improvements should be made. When leadership and IT partner to improve your company’s security posture, executives then trust IT to make smart and needed security investments and in turn, IT can trust that leadership will support it.

While adopting a Defense in Depth approach to your infrastructure is not a turnkey solution, it is the best way to protect your most valuable data and your customers’ sensitive information. By isolating your financial services infrastructure from your IT environment, you get the ultimate defense for a more secure network.

Add Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

How Gary Payton Achieved a Net Worth of $120 Million
All Aboard! Why Onboarding is Crucial to Employee and Company Success
Yao Ming’s Business Empire After Life in the NBA
How Miguel Cabrera Achieved a Net Worth of $125 Million
Omega Healthcare Investors
Why Omega Healthcare Investors is a Solid Dividend Stock
World of Hyatt Credit Card
10 Benefits of Having The World of Hyatt Credit Card
PPL Corporation
Why PPL Corporation is a Solid Long-Term Dividend Stock
10 Great Credit Cards for Making Gas Purchases
Seamless Virtual AI Assistant
How Close Are We to Seamless Talking AI Assistants?
Wearable ECG
How Will Wearable ECGs Affect Our Future?
Computer Vision
What is Computer Vision and How Does it Impact the Future
Pervasive Computing
What is Pervasive Computing and How Does it Factor Into Our Future
Boston Chops Steakhouse
Why Boston Chops is One of Boston’s Finest Steakhouses
10 Reasons to Stay at The Dominick in NYC
Grill 23 Boston
Why Grill 23 is One of Boston’s Finest Steakhouses
Intercontinental Times Square
10 Reasons You Should Stay at the Intercontinental in Times Square
2000 Ferrari Rossa by Pininfarina
A Closer Look at The 2000 Ferrari Rossa by Pininfarina
1956 Ferrari 250 Testa Rossa
A Closer Look at The 1956 Ferrari 250 Testa Rossa
1967 Ferrari 330 P4 Berlinetta
A Closer Look at The 1967 Ferrari 330 P4 Berlinetta
1968 Ferrari Dino 246
A Closer Look at the 1968 Ferrari Dino 246
What to Watch For: A Collector’s Interview
A Closer Look at the Breitling Bentley Flying B No. 3
2019 Breitling
Benefits of Authorized: Avoiding the Grey Market
Breitling Emergency II Titanium
A Closer Look at the Breitling Emergency II Titanium