Countering cyberattacks: What to do and what not to do

In January 2022, Crypto.com, a leading US cryptocurrency company, was attacked by cybercriminals. They siphoned off $18 million worth of Bitcoin, Ethereum valuing $15 million, and other cryptocurrencies. The attackers successfully bypassed two-factor authentication and gained unauthorized access to nearly 500 people's cryptocurrency wallets. Later that year, in March, Microsoft was targeted by a group of hackers, Lapsus$, who claimed to have compromised Microsoft products such as Bing, Cortana, etc. However, Microsoft confirmed that only one account was affected and that they had blocked the hacking attempt on time. The company's security team was one step ahead as they had stepped up their cyber defense, knowing that the Lapsus$ group had previously targeted Nvidia, Samsung, and plenty of other companies.

Today, new threats are emerging faster than ever. This is attributed to deepening geopolitical tussles, rising inflation, unemployment, poverty, and food insecurity. According to the US Cyber Intelligence Division, cybercrime is high on the agenda of nation-states, corporations, and international organizations across the globe. While financial gain constitutes 41% of breaches, the human element or insider threats account for 81%. So, how should you react if your business is under attack?

A leading provider of audit, tax, and security services has identified the following as the crown jewels of an organization and urges businesses to keep them double-vaulted to prevent unforeseen breaches:

  • IT or Information technology: Network diagrams, system logs, and network access directory
  • OT or Operational technology: System-configuration information, programmable logic controllers, and SCADA protocols
  • Critical or management assets: Internal strategy, executive and board communications, customer and employee personal information

Most enterprises' OT-IT setups today consist of legacy equipment that is not sufficiently fortified against unsecured networks. Generally, network-based controls such as firewalls let traffic pass through, leaving it to the OT systems themselves to analyze and detect possible vulnerabilities. Cybercriminals then leverage these vulnerabilities, in addition to those in VPNs (virtual private networks) and network-device software. Therefore, mere scanning is not the answer. Instead, a real-time threat detection and response tool is needed to plug this security gap.

Enterprises are hesitant to upgrade the OT environment because applying security patches to such high-availability systems requires adequate backup systems on which to test them, which they usually do not possess. Moreover, repeated workarounds, higher levels of complexity, and disruption risks from newer technologies, such as industrial IoT devices, cloud services, mobile industrial devices, and wireless networking, only add to the woes of such businesses.

According to our cybersecurity consultants, the best way for enterprises to secure their OT environment is to consider their unique challenges and process requirements carefully. Several leading cybersecurity providers and incumbent Original Equipment Manufacturers (OEM) are developing new approaches, innovative technologies, and powerful strategies focused on protecting the OT environment and businesses. Solutions today usually combine unique operational challenges and business goals, offering holistic cybersecurity.

Enterprises today also demand increased convergence between their IT and OT systems, also known as IIoT. Before investing, strategies for protection and prevention must span both OT and IT ecosystems and deeply integrate their security functions. Our cybersecurity experts suggest that this can be accomplished by establishing a Security Operations Center (SOC) encompassing both IT and OT. It should mainly involve detailing escalation protocols and incident response plans for OT-related attack scenarios. For instance, CAT or Caterpillar, a leading US machinery company, recently established its IIoT unit. By launching its industrial machinery with intelligent sensors and network capabilities, the company achieved a 45% improvement in its process optimization, monitoring, and overall production. American automotive and energy giant Tesla feeds IT-driven data into AI capabilities to grow its business. The company's autonomous indoor vehicles can recharge their batteries on their own. It has also empowered its customers to control and check their devices from anywhere through their smartphones.

Another exciting trend cited in recent studies is the establishment of architecture-review committees by businesses relying on mature heavy industrial equipment. These committees vet novel technologies and analyze modifications to existing technologies. A second-line-of-defense team carries out Information Risk Management (IRM), including strategy, compliance, and reporting. Numerous large corporations, however, have their own independent internal audit function. Such positive developments include decentralizing heavy industries, which necessitates integrating security into technology-related decisions beyond OT-IT, across different functions and business units.

Let us have a look at the latest cybersecurity solutions to prevent sabotage and collateral damage:

Network monitoring and anomaly detection: Businesses today deploy AI/ML-powered behavior anomaly detection and a plethora of OT tools that monitor traffic in a non-invasive way. Threats are identified instantaneously and the respective security teams are alerted.

Third-party risk management: Recent research found that 70% of businesses experienced third-party breaches or cyberattacks in 2022 resulting from excessive privileged access granted to third parties. It has often been found that cost and timing interfere with businesses' responsibility for vendor security compliance. Efficient in reducing costs and risk exposure, Information Sharing and Analysis Centers (ISACs) automate evidence collection and sector-specific risk assessments to measure third-party vendors for security and data risk. Their most significant advantage for businesses is complete visibility through a proper vendor repository.

Asset inventory and device authorization: These help enterprises protect their critical assets by identifying vulnerabilities in specific devices based on device type, manufacturer, and version. They can also regulate access authentication, optimize efficiency, and identify faults in connected devices.

Decoys and simulation: Viewing the cyber posture through the eyes of rogue elements, novel tools are built from fictitious elements such as decoy assets or user credentials, including decoy SCADA systems. These can effectively divert attackers and thwart cyberattacks. In addition, impending cyber threats are simulated, exposing weaknesses in the enterprise, hardening it, and preparing it in the face of imminent danger.

It is positive to see many businesses proactively taking steps to mitigate threats and risks. Cybersecurity is no longer an added strength for an enterprise; it is a necessity. Business leaders and Chief Information Security Officers (CISOs) would do well to be non-negotiable when it comes to fortifying their critical assets against breaches and attacks.
