Industrial facilities have been increasingly reliant on the industrial internet of things (IIoT), adopting devices that make for more productive and efficient systems. Today, many manufacturing factories, energy plants, and even agricultural sites have hundreds of IIoT devices that help manage and streamline their operations. But these facilities now also have to defend against new threats that take advantage of weaknesses and other attack vectors that come with the adoption of new technology.
In industrial environments, operational technology (OT) and information technology (IT) are more connected than ever. This convergence provides industries with optimized automation and better visibility, among other benefits. However, it is also the main characteristic that makes IIoT-integrated facilities more susceptible to cyberattacks. OT is concerned with the physical aspect of industrial production, including systems for checking if a certain tank is overflowing, or for ensuring that a valve opens when it should. These were normally closed systems, but now they are increasingly being brought online. Along with traditional enterprise and office functions, a key concern of IT is the flow — and sometimes collection and analysis — of data that comes from within and outside of the industrial facility. Traditional IT has many gateways — a large and vulnerable surface that is exposed to constantly evolving threats.
The convergence of IT and OT means that devices are being pushed beyond what they were designed for, which can result in a weak or exposed industrial facility. Also, more connected endpoints mean more potential gateways for cybercriminals to gain access to networks and infrastructure systems. And since these networks are connected to machines and entire production lines, cyberattacks can manifest as all-too-real physical incidents.
The IIoT is a viable, and increasingly popular, target for hacking groups because of several key characteristics:
According to a March 2019 report by Ponemon Institute, 90% of organizations dependent upon OT (such as those in the manufacturing, pharmaceutical, and transportation industries) experienced at least one major cyberattack in the past two years. This is certainly a problematic statistic for industrial facilities. Perhaps one cause of the problem is that, as the report states, only 20% of the surveyed professionals believed that they had sufficient visibility into their organizations’ attack surface.
The IIoT may be spread across large facilities and different locations, with numerous machines exchanging data through cloud platforms and various applications. The complexity of the system — and the fact that it is usually unique to each facility — makes it hard to map the complete attack surface of an IIoT environment. But a comprehensive view of this matter is vital to creating an effective security strategy. Here is an overview of critical IIoT attack surface areas that organizations should properly address:
According to the same report from Ponemon Institute, 50% of organizations experienced an attack on critical infrastructure in the past two years that resulted in downtime to their plants or equipment. Downtime in an industrial setting can mean substantial financial losses or inconveniences, and even dangerous ramifications for customers. Downtime is but one consequence of attacks on IIoT environments.
It is essential, therefore, that the IIoT be secured. Knowing how to secure the internet of things (IoT) is a good place to start. Here are a few more guidelines for organizations to follow so as to secure the IIoT attack surface:
With additional insights from Robert McArdle
