Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • How IT-OT Security Has Changed in the Wake of COVID-19
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware

How IT-OT Security Has Changed in the Wake of COVID-19

5 years ago Kristen Poulos
How IT-OT Security Has Changed in the Wake of COVID-19

After the global outbreak of coronavirus 2019 (COVID-19), organizations quickly transitioned to remote work in order to enforce social distancing and to keep their employees safe. But this work-from-home arrangement opened up organizations to more risk as well as less redundancy and resilience. That’s especially the case for organizations with operational technology (OT) assets, as these entities need to make sure that their dispersed teams and technology can swiftly respond to potential service interruptions. They also need to withstand the surge of attacks that the security community has witnessed over the past few months.

Many of these attacks have specifically targeted organizations and their OT environments. As an example of this, the New York Times covered an announcement from the U.S., British and Canadian governments that Russian hackers had attempted to steal COVID-19 vaccine research. That type of information is invaluable, as it functions as a key by which government officials can reopen their nations’ economies. In attempting to steal it, those malicious actors could give an advantage to their home country’s government as well as sow uncertainty surrounding vaccine research efforts sponsored by Western countries.

Simultaneously, nefarious individuals abused the cover afforded by COVID-19 to target pharmaceutical and automotive organizations. Back in the beginning of March, for instance, TechCrunch reported that a parts manufacturer for both Tesla and SpaceX had confirmed a data breach after suffering an infection at the hands of DoppelPaymer ransomware. Less than two months later, a U.S. pharmaceutical company disclosed a ransomware incident in which attackers had encrypted its servers and stolen corporate and employee information, as noted by Infosecurity Magazine.

Growing Collaboration in Defending OT Assets against IT Threats

Some of us might have written off 2020, but the incidents highlighted above clearly indicate that bad actors haven’t. It’s therefore important that information technology (IT) teams step up their work with OT personnel in defense of their organizations’ business critical assets. Increased collaboration between these personnel would have a long-term impact on OT security in general.

Fortunately, we’re already beginning to see this. Indeed, before the global outbreak of COVID-19, IT and OT were fragmented. A few mature organizations had built out formal processes in an effort to bridge the gaps separating their teams. But they were the exception, not the norm, and even in those environments, silos still existed. In response, it took organizations a great deal of time to evaluate their security with respect to asset inventory and other basics. IT-OT fragmentation stood in the way of these assessments moving more quickly.

But as with so many other things, COVID-19 served as an impetus for change. It demanded that organizations be more flexible in their ability to adapt to new challenges, to solve for remote access and to be more secure. Many organizations have met this challenge head-on; we’re seeing better security and stronger controls in an effort to monitor output quality.

Even more importantly, we’re seeing greater IT-OT collaboration. It’s no longer forced talks consisting of arguments over whose CIA Triad priorities matter more. Nowadays, the teams are coming together and approaching confidentiality, integrity and availability in a way where each of these pillars holds equal importance. This development points to more balanced and holistic digital security efforts in the years ahead.

Digital Transformation on the Rise

IT-OT collaboration isn’t the only force that’s increased in the wake of COVID-19. So too has digital transformation. Prior to the pandemic, a limited number of organizations had budgets to advance digital transformation. Users were intrigued about the promise of digital transformation for their organizations. This promise couldn’t lead anywhere in the absence of significant investment in new technologies and resources. And those budgets and impetus weren’t there.

This resistance especially held true for the cloud in particular. In the pre-pandemic days, many organizations hadn’t started their digital transformations with respect to the cloud. Migrating to the cloud held promise, but users just didn’t see a near-term need for the shift.

Fast forward to the pandemic, and the advantages of digital transformation became clear. Organizations who had made early investments in their own processes had succeeded in making their manufacturing capabilities more flexible. These entities could now use new data streams to make decisions about whether they could produce a higher-quality product, whether their manufacturing equipment needed repairs and/or whether they had the necessary solutions to protect their OT environments against malicious actors. Others saw that these early adopters were on to something, so they’re now working to get budget to start their own projects.

Looking ahead, it’s reasonable to expect that the rate of digital transformation will accelerate. The potential of digital transformation is now realized, after all. It’s no longer a strategic project, it’s a critical one.

As part of that process, organizations will increasingly see cybersecurity as an enabler of their own digital transformations. Businesses won’t be able to take advantage of digital transformation if they can’t become more secure. As alluded to above, digital transformation has fundamentally changed the ways in which organizations are gathering, communicating and using data. These new avenues open organizations and their OT environments to attack. In response, cybersecurity is the most critical investment that entities can make going into a post-COVID world.

More Thoughts on the Future of IT/OT and Digital Transformation

The thoughts I shared above represent a snapshot of the thoughts I shared during a recent Tripwire webinar. In that presentation, I had the pleasure of discussing the future of IT/OT collaboration and digital transformation with Gabe Authier, senior product manager at Tripwire, and Galina Antova, co-founder and chief business development officer of Claroty, a global OT security provider and Tripwire partner.

You can view the full presentation here: https://www.tripwire.com/state-of-security/security-data-protection/working-home-covid-organization-consider/.

The post ” How IT-OT Security Has Changed in the Wake of COVID-19″ appeared first on TripWire

Source:TripWire – Kristen Poulos

Tags: Cloud, Coronavirus, COVID-19, Critical Severity, Finance, Malware, Ransomware, TripWire

Continue Reading

Previous What Are the Ways to Respond to an Unintentional HIPAA Violation?
Next Parental Control – Here’s how you can regulate your child’s computer habits

More Stories

  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

2 days ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms

2 days ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

2 days ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

3 days ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

3 days ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

Ex-Google Engineer Convicted for Stealing 2,000 AI Trade Secrets for China Startup

3 days ago [email protected] (The Hacker News)

Recent Posts

  • Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists
  • Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
  • CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms
  • Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
  • China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT