sb-as logo
Story image

Utilities and critical infrastructure providers must improve cybersecurity

06 Jun 2018

Critical infrastructure and utilities providers need to do more to understand the risks that cyber attacks bring, particularly as those providers adopt new and emerging technologies.

That’s according to ForeScout, who says those providers need to take appropriate steps to protect themselves.

“Utilities and critical infrastructure used to benefit from being air-gapped from other systems. In other words, they weren’t connected to a network so the only way they could be compromised was if an attacker gained physical access to assets,” explains ForeScout CMO Steve Redman.

“Now that businesses are adopting automation and the Industrial Internet of Things (IIoT) utilities and critical infrastructure are being exposed to more cyberthreats. Each automated and connected IIoT device is a potential entry point into a company network, and must be treated as such.” 

With Gartner forecasting that there may be 20 billion connected devices by 2020, 25% of all attacks may come via IoT devices.

However if every device is a potential weak point, this may hold back advancements in automation and IIoT, ForeScout warns.

“Utilities and critical infrastructure are juicy targets for hackers because of their critical nature; taking them offline even for a short amount of time can cause significant disruption that could, in extreme cases, turn into civil unrest. Similarly, taking this infrastructure down could also jeopardise the country’s defences, depending on what infrastructure is targeted and how severe the attack is,” Redman explains.

ForeScout provides five key considerations to improve security:

1. Downtime. Operational technology and critical infrastructure can’t go offline, so it’s important to be able to monitor the security status of this infrastructure without switching it off. Passive security techniques let businesses see, classify, and monitor network-connected devices without disrupting operations.  2. Legacy equipment. Legacy devices that were never meant to be connected to the internet weren’t designed with security and cyberattacks in mind. It’s essential to monitor the network activities of this newly-connected equipment and look out for uncharacteristic actions to protect the business.  3. Financial investment. Many organisations invested in legacy equipment with the expectation that these machines would last decades before being replaced. Upgrading this equipment to make it more secure requires additional investment, which may not have been budgeted for.  4. Awareness. With security breaches affecting the bottom line, improving awareness of the need for security has become somewhat easier, but there is still more to be done. Humans are generally the biggest threat due to a combination of innocent mistakes and malicious actions, so it’s essential to educate team members regarding their security responsibilities and how they can contribute to a more secure organisation.  5. Business case. Investing in modern security infrastructure is essential but many business leaders don’t see the urgency. Creating a business case for investment is complicated by the fact that, rather than demonstrating a net gain for the company, it is considered to merely prevent a loss. Mitigating cyberattacks and saving IT staff time are essential components of a strong business.

Story image
Financial institutions in APAC region to invest millions in fraud prevention
"The pandemic is creating a lot of uncertainty, but the majority of FIs in APAC recognise that an end to end fraud management platform is strategic to differentiating themselves from the highly disruptive landscape they are playing in."More
Story image
How to secure your business against DDoS Attacks
With the upward trend of DDoS attacks this year, and an increased dependency on online channels across all industries, businesses need to be prepared, so they don’t suffer any disruption. More
Story image
Report reveals relationship between boardroom and cybersecurity investments
“While boards are definitely listening and stepping up with increased budget for cybersecurity, they tend to view any investment as a cost rather than adding business value."More
Story image
Five Eyes nations want legal access to backdoors to fight 'illegal content'
The nations argue that encryption can make the enforcement of public safety difficult, particularly when it comes to serious problems like child exploitation. More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More