Protect Your Castle: Securing Operational Technology Against Today’s Threats

When malicious actors eye your organization’s network, they are looking for any way in. Even the slightest crack in the armor could allow them to strike and cause irreparable damage. As the use of operational technology (OT) has skyrocketed in the past several years, attackers have identified vulnerabilities that could give them that opportunity, taking advantage of poorly protected devices and systems.

We’ve seen financial organizations fall victim again and again. ATM malware-as-a-service attacks entered the scene last year and as a result security breaches have become routine. It’s no longer a matter of if your network will be breached, but when.

The increasing reliance on OT and rise in interconnected devices within financial services, such as ATMs and surveillance cameras, delivers big benefits in the form of improved customer service, safety and efficiency. But at what risk? The same devices that were put in place to enhance operations and improve the speed of business are creating new entry points for hackers and posing serious threats to an organization’s sensitive information.

The challenge in mitigating the risk associated with OT is that each device is unique — aggregating information and communicating with the network differently. Therefore, creating and applying a broad-sweep security policy for OT isn’t the answer. Nor is it as simple as applying IT practices to OT systems.

Since actors are constantly evolving their attack methods, focusing security efforts on identifying and eradicating the attack vector is an uphill — and costly — battle that you will likely never win. The best and most efficient way to eliminate vulnerability crossover between OT and IT is to emphasize isolation and containment of critical assets, to eliminate any avenue of entry for hackers.

Build and Protect Your Castle

The concept of a Defense in Depth methodology for network security is nothing new. Dubbed the “Castle Approach,” this strategy focuses on establishing multiple layers of security controls throughout your IT infrastructure, similar to how castles were built centuries ago, with moats, walls and other nearly impenetrable barriers against intruders. Rather than investing only in a team of guardsmen to identify and eliminate intruders, doesn’t it make more sense to invest in guards as well as a drawbridge and a moat? This kind of multi-layer approach isolates your important information from the outside world, and creates the best defense against lateral attacks from hackers looking to breach your system through an OT device.

Network Segmentation is a Must

As IoT has gained momentum in the business world, the idea that all aspects of a network should be connected has become relatively standard practice. The reality, however, is that not every device needs to communicate with the core network or the internet, and some level of segmentation should still be in place. There are certain parts of your business, like internal accounting records or customers’ personal identification information (PII), that have no reason to be visible to the rest of the world and therefore should not be connected to even a well-defined perimeter. For those devices that do need to be connected, a degree of separation should be implemented to separate them from core operations.

Adopting a Defense in Depth approach means taking network segmentation seriously — essentially making IT and OT undiscoverable from each other. By completely isolating the OT that supports enterprise operations (which was likely never intended to be publicly accessible) you simultaneously protect OT from vulnerabilities inherent in an IT environment.
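
As an added illustration (not part of the original article), the segmentation rule described above can be checked against flow logs: every connection is mapped to a zone, and anything that crosses a boundary outside a short allow-list is reported. The subnets, zone names, the gateway segment used as the "degree of separation," and the flow lines are all constructed assumptions.

```python
import ipaddress

# Constructed zone map (assumption): private subnets standing in for real segments.
ZONES = {
    "ot_atm":    ipaddress.ip_network("10.20.0.0/24"),  # ATMs
    "ot_camera": ipaddress.ip_network("10.21.0.0/24"),  # surveillance cameras
    "gateway":   ipaddress.ip_network("10.29.0.0/28"),  # brokered hop for OT that must connect
    "it_core":   ipaddress.ip_network("10.1.0.0/16"),   # core IT network
    "isolated":  ipaddress.ip_network("10.99.0.0/24"),  # accounting records, customer PII
}
OT_ZONES = {"ot_atm", "ot_camera"}

# (initiator zone, responder zone) pairs allowed to cross a boundary.
ALLOWED = {("ot_atm", "gateway"), ("ot_camera", "gateway"), ("gateway", "it_core")}

def zone_of(addr):
    """Return the zone name for an address, or 'external' if it is in no zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def audit(flows):
    """Return (src_zone, dst_zone, port, reason) for each flow that breaks segmentation."""
    findings = []
    for line in flows:
        src, dst, port = line.split()
        a, b = zone_of(src), zone_of(dst)
        if a == b or (a, b) in ALLOWED:
            continue  # traffic inside one zone, or an approved crossing
        if "isolated" in (a, b):
            reason = "isolated segment is reachable"
        elif "external" in (a, b):
            reason = "path crosses the perimeter"
        elif (a in OT_ZONES) != (b in OT_ZONES) and "it_core" in (a, b):
            reason = "direct OT/IT path bypasses gateway"
        else:
            reason = "unapproved cross-zone path"
        findings.append((a, b, port, reason))
    return findings

# Constructed flow records: "source destination destination-port".
SAMPLE_FLOWS = [
    "10.20.0.15 10.29.0.2 8443",   # ATM -> gateway (approved)
    "10.29.0.2 10.1.4.10 443",     # gateway -> core IT (approved)
    "10.21.0.7 10.1.4.10 445",     # camera -> core IT directly
    "10.1.7.22 10.99.0.5 1433",    # core IT -> isolated records
    "10.20.0.15 203.0.113.9 443",  # ATM -> address outside every zone
    "10.1.7.22 10.1.4.10 22",      # inside core IT
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```
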

A Defense in Depth Strategy Extends Beyond IT

Creating and implementing a Defense in Depth strategy cannot fall squarely on the IT department. A commitment to improved cybersecurity hygiene has to start from the top, with board and C-level executives actively engaging with IT on cyber security to better understand what’s being done today and where improvements should be made. When leadership and IT partner to improve your company’s security posture, executives then trust IT to make smart and needed security investments and, in turn, IT can trust that leadership will support it.

While adopting a Defense in Depth approach to your infrastructure is not a turnkey solution, it is the best way to protect your most valuable data and your customers’ sensitive information. By isolating your financial services infrastructure from your IT environment, you get the ultimate defense for a more secure network.

