How COVID-19 Affected Industrial Cyber Security

04 May 2020

As businesses worldwide abruptly moved to remote operations, organizational cyber-security practices changed at a frenetic pace. Attackers have stepped up their efforts and are exploiting the newly created weaknesses to get a foot in the door of corporate networks, using phishing emails, SMS lures, and more. Unfortunately, they are succeeding at an alarming rate against an increasingly remote and distracted workforce.

COVID-19: A paradise for threat actors

As always, cyber-attackers take advantage of trends in online behavior. The COVID-19 outbreak is no different: more and more companies are suffering cyber-attacks. The combination of uncertain times and increased reliance on the internet for daily operations has left people and businesses around the world facing costly attacks, with losses running into millions of dollars. Some of the tactics threat actors are using:

  • Malicious campaigns that use COVID-19 updates and information as the lure for phishing emails delivering remote access trojans (RATs), ransomware, or both.
  • Malicious apps and websites that masquerade as legitimate sources but carry malware aimed at generating fraudulent revenue from premium-rate services or stealing sensitive information from users.
  • Exploitation of video-conferencing platforms such as Zoom, remote-connection solutions such as Citrix, and file-sharing drives, whose vulnerabilities put confidential information and business continuity at risk.

Industrial companies must be particularly vigilant

In addition to everyday cyber-security concerns, the shift to remote operations is a dramatic change for industrial environments that, until recently, were not connected to the internet at all, directly or indirectly. Industrial organizations are now being forced to rely on remote-connection solutions to keep production running. As a result, we have seen a steep increase in internet-exposed ICS segments since the beginning of 2020 (to be elaborated on in our next blog post).

We were all blindsided by the speed and extent of the business impact of COVID-19. Now it is time to take charge and move forward deliberately and attentively. This is true for all companies, and especially for industrial companies, which are typically late adopters of digital and remote solutions. To ensure safe and reliable remote operation of newly connected industrial networks, companies must stay ahead of the curve and embrace secure remote operations.

Three practical steps for resilient operations

1. Immediate: Learn what potential attackers know about you

Before you expand remote work to your company's core business operations, learn what cyber-attackers know about you and anticipate what they may do by gathering intelligence on the threats specific to your organization. Begin by identifying what publicly available information exists about your company.

  • Check for exposed online data, including email addresses, passwords, and IP addresses.
  • Identify all IP addresses associated with your company and prioritize them by ease of discovery, ease of exploitation, and severity of potential impact.
  • Identify all internet-facing services your company provides.
  • Pinpoint all registered domains and subdomains associated with your organization.
  • View all of your company's assets as a potential attacker would.
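The prioritization step above is the part that is easy to get wrong by hand, so here is an added example (not OTORIO's code or tooling) that scores an inventory of internet-exposed assets on the three axes the list names: ease of discovery, ease of exploitation, and severity of impact. The port-to-protocol table and its weights, the hostnames, and the RFC 5737 addresses are all assumptions constructed for illustration; in practice the inventory would be the output of subdomain enumeration plus a port scan, and the "credentials leaked" flag would come from a breach-data lookup.

```python
"""Rank internet-exposed assets the way an attacker would pick targets."""
from dataclasses import dataclass, field

# Services that should never face the internet from an industrial network.
# Tuple: (protocol name, ease of exploitation 1-5, severity of impact 1-5).
# The weights are this example's assumptions, not a published scoring scheme.
RISKY_PORTS = {
    502:   ("Modbus/TCP",  5, 5),  # no authentication; writes reach coils/registers
    102:   ("S7comm",      5, 5),  # Siemens S7 PLC programming protocol
    20000: ("DNP3",        4, 5),
    44818: ("EtherNet/IP", 4, 5),
    47808: ("BACnet",      4, 4),
    5900:  ("VNC",         4, 4),  # HMIs shared over VNC, often with weak or no password
    3389:  ("RDP",         3, 4),
    23:    ("Telnet",      4, 3),
    21:    ("FTP",         3, 3),
}


@dataclass
class ExposedAsset:
    hostname: str            # "" when the address was found only by scanning
    ip: str
    open_ports: list
    in_public_dns: bool      # found via subdomain enumeration / certificate logs
    credentials_leaked: bool = False  # an email/password pair for this host appeared in a dump


@dataclass
class Finding:
    asset: ExposedAsset
    score: int               # discovery x exploitability x impact, max 125
    reasons: list = field(default_factory=list)


def score_asset(asset):
    """Score one asset on the three axes the text names: discovery, exploitation, impact."""
    discovery = 3 if asset.in_public_dns else 1   # a name in DNS is trivially found
    exploit, impact, reasons = 1, 1, []
    for port in asset.open_ports:
        if port in RISKY_PORTS:
            name, e, i = RISKY_PORTS[port]
            exploit, impact = max(exploit, e), max(impact, i)
            reasons.append(f"{name} ({port}) reachable from the internet")
    if asset.credentials_leaked:
        # a valid credential turns any login-protected service into a foothold
        exploit, impact = 5, max(impact, 4)
        reasons.append("leaked credentials for this host found in a public dump")
    return Finding(asset, discovery * exploit * impact, reasons)


def prioritise(inventory):
    """Return findings sorted so the first entry is the easiest, most damaging target."""
    return sorted((score_asset(a) for a in inventory), key=lambda f: f.score, reverse=True)


# Constructed inventory (RFC 5737 documentation addresses), not real scan output.
SAMPLE_INVENTORY = [
    ExposedAsset("www.example-plant.com", "203.0.113.20", [80, 443], True),
    ExposedAsset("vpn.example-plant.com", "203.0.113.1", [443], True, credentials_leaked=True),
    ExposedAsset("hmi-line2.example-plant.com", "203.0.113.10", [5900, 80], True),
    ExposedAsset("", "203.0.113.77", [502], False),   # bare PLC gateway found only by scanning
]

if __name__ == "__main__":
    for f in prioritise(SAMPLE_INVENTORY):
        label = f.asset.hostname or f.asset.ip
        print(f"{f.score:4d}  {label:32s}  {'; '.join(f.reasons) or 'no obvious weakness'}")
```

Note how the ranking comes out: the VPN gateway with a leaked credential outranks the internet-facing HMI, and the unnamed Modbus gateway that only a scan would find still scores higher than the public website, because an attacker who does find it needs no exploit at all.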

OTORIO’s experts are doing everything in their power to help industrial companies around the world overcome this crisis with minimal cyber incidents.

2. Short-term: Maintain business continuity through secure remote operations

Because of the critical nature of physical systems and the ever-evolving threat landscape, establishing a secure remote connection to industrial control systems is a unique problem that requires deep expertise in both the industrial and cyber domains. Because users are likely to connect from public networks and personal devices, security teams need to apply controls built on minimal trust: assume neither the network nor the endpoint is trustworthy, and verify every session.

  • Role-based access control and identity management to limit each user to the specific assets in the OT network they need
  • Encrypted VPN tunnels so that data in transit is unreadable to unauthorized parties
  • Real-time alerts and session visibility, so that suspicious sessions or activities can be acted on immediately
  • Two-factor authentication so that only authorized users can connect
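To make the minimal-trust idea concrete, here is an added example (not OTORIO's code or product logic) of the decision a remote-access gateway should make before letting a session through to an OT asset. It combines three of the controls listed above: a second factor is mandatory, role-based policy limits which zones and actions each role may touch, and any denial that looks like probing raises a real-time alert rather than a silent log entry. The roles, zones, asset names, maintenance window, and sample requests are all assumptions constructed for illustration; in a real deployment roles come from the identity provider and zones from the asset inventory.

```python
"""Least-privilege gate for remote sessions into an OT network."""
from dataclasses import dataclass
from datetime import datetime

# Role -> zones reachable and actions allowed. Assumed policy for illustration.
ROLE_POLICY = {
    "plant_engineer": {"zones": {"line1", "line2"}, "actions": {"view", "diagnose", "program"}},
    "vendor_support": {"zones": {"line1"},          "actions": {"view", "diagnose"}},
    "it_helpdesk":    {"zones": set(),              "actions": set()},   # no OT access at all
}
ASSET_ZONE = {"plc-line1-01": "line1", "hmi-line2-03": "line2", "dc-01": "it"}
MAINTENANCE_WINDOW = (6, 18)   # "program" only 06:00-18:00 plant time (assumed)


@dataclass
class SessionRequest:
    user: str
    role: str
    mfa_verified: bool    # second factor completed at the remote-access gateway
    managed_device: bool  # corporate jump host vs. personal laptop
    asset: str
    action: str
    at: datetime


@dataclass
class Decision:
    allowed: bool
    reason: str
    alert: bool  # True: forward to the SOC in real time, not just log


def decide(req):
    """Evaluate one request: deny by default, allow only on an explicit policy match."""
    if not req.mfa_verified:
        return Decision(False, "second factor not verified", False)
    policy = ROLE_POLICY.get(req.role)
    if policy is None:
        return Decision(False, f"unknown role {req.role!r}", True)
    zone = ASSET_ZONE.get(req.asset)
    if zone is None or zone not in policy["zones"]:
        # reaching for an asset outside one's role is a signal, not merely a typo
        return Decision(False, f"role {req.role} may not reach zone {zone}", True)
    if req.action not in policy["actions"]:
        return Decision(False, f"action {req.action!r} not permitted for {req.role}", True)
    if req.action == "program":
        # changing controller logic is the one action that can affect the physical process
        if not req.managed_device:
            return Decision(False, "program requires a managed jump host, not a personal device", True)
        if not MAINTENANCE_WINDOW[0] <= req.at.hour < MAINTENANCE_WINDOW[1]:
            return Decision(False, "program outside maintenance window", True)
    return Decision(True, "allowed", False)


def soc_alerts(requests):
    """Run a batch through decide() and return the denials that should page the SOC."""
    out = []
    for r in requests:
        d = decide(r)
        if d.alert:
            out.append((r, d))
    return out


# Constructed requests for illustration.
SAMPLE_REQUESTS = [
    SessionRequest("alice", "plant_engineer", True, True, "plc-line1-01", "program", datetime(2020, 5, 4, 10, 0)),
    SessionRequest("alice", "plant_engineer", True, False, "plc-line1-01", "program", datetime(2020, 5, 4, 10, 0)),
    SessionRequest("bob", "vendor_support", True, True, "plc-line1-01", "program", datetime(2020, 5, 4, 10, 0)),
    SessionRequest("bob", "vendor_support", False, True, "plc-line1-01", "view", datetime(2020, 5, 4, 10, 0)),
    SessionRequest("carol", "it_helpdesk", True, True, "hmi-line2-03", "view", datetime(2020, 5, 4, 2, 0)),
    SessionRequest("alice", "plant_engineer", True, True, "plc-line1-01", "program", datetime(2020, 5, 4, 22, 0)),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        d = decide(r)
        print(f"{r.user:6s} {r.role:15s} {r.action:8s} {r.asset:13s} -> {d.allowed} ({d.reason})"
              + ("  [ALERT]" if d.alert else ""))
```

The ordering of the checks matters: the second factor is verified first so that an unauthenticated probe learns nothing about which roles or zones exist, and a missing factor is not alerted on because that is usually a user error, whereas an authenticated user asking for a zone or action outside their role is exactly the suspicious session the text says should be acted on immediately.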

3. Long-term: Monitor assets’ digital condition in addition to their physical condition

By shifting to remote work, engineers and operators have taken on a new responsibility. In addition to monitoring an asset’s physical condition, it has become vital to monitor its digital condition as part of routine maintenance and operations. COVID-19 shows that digital production is the future, and it will remain long after the pandemic has passed. Efficient management of digital risk requires orchestration and automation across both industrial (e.g., APM) and digital security (e.g., EDR) systems, as well as:

  • Simple and semi-automatic playbooks for risk mitigation
  • Collaboration with information security teams for escalation and inquiries
  • Integration with remote security solutions
  • An updated ICS/OT vulnerability database
  • Updated ICS/OT threat intelligence
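As an added example (not OTORIO's code or product logic) of what "semi-automatic playbook" and "ICS/OT vulnerability database" mean in practice, the following script takes an EDR alert on an engineering workstation, enriches it with OT context (which controllers that workstation is allowed to program, and which of those run firmware with unpatched issues), and produces an ordered action list in which read-only steps run automatically while anything that could interrupt production waits for approval. The asset names, firmware versions, the alert format, and the vulnerability records (placeholder IDs, not real advisories) are all constructed for illustration.

```python
"""Semi-automatic playbook: EDR alert on an engineering workstation, enriched with
OT context, turned into an approval-gated action list."""
from dataclasses import dataclass


@dataclass
class OTAsset:
    name: str
    vendor: str
    model: str
    firmware: tuple        # (major, minor, patch)
    programmed_from: set   # engineering workstations allowed to push logic to it


# Constructed vulnerability records (placeholder IDs, not real advisories):
# an asset is affected when its firmware is older than fixed_in.
VULN_DB = [
    {"id": "EXAMPLE-VULN-1", "vendor": "AcmePLC", "model": "PX-200", "fixed_in": (2, 4, 0),
     "severity": "critical", "summary": "unauthenticated logic download"},
    {"id": "EXAMPLE-VULN-2", "vendor": "AcmePLC", "model": "PX-200", "fixed_in": (2, 1, 5),
     "severity": "high", "summary": "crash on malformed packet"},
]


def unpatched(asset, vuln_db=VULN_DB):
    """Match an asset's vendor/model/firmware against the vulnerability database."""
    return [v for v in vuln_db
            if v["vendor"] == asset.vendor and v["model"] == asset.model
            and asset.firmware < v["fixed_in"]]


@dataclass
class Step:
    action: str
    target: str
    automatic: bool   # True: run now; False: wait for operator/infosec approval
    why: str


def build_playbook(alert, assets, vuln_db=VULN_DB):
    """alert: {'host': ..., 'verdict': 'suspicious'|'malicious'} (EDR alert shape assumed)."""
    host = alert["host"]
    steps = [Step("collect_triage_package", host, True, "preserve evidence before anything changes")]

    # OT context: which controllers can this workstation push logic to?
    reachable = [a for a in assets if host in a.programmed_from]

    def critical_count(asset):
        return sum(v["severity"] == "critical" for v in unpatched(asset, vuln_db))

    # controllers with unpatched critical issues are handled first
    for asset in sorted(reachable, key=critical_count, reverse=True):
        steps.append(Step("snapshot_controller_project", asset.name, True,
                          "read-only; lets us diff the logic later"))
        crit = [v["id"] for v in unpatched(asset, vuln_db) if v["severity"] == "critical"]
        if crit:
            # cutting the engineering path can drop a live session, so a human decides
            steps.append(Step("block_engineering_traffic", f"{host}->{asset.name}", False,
                              f"unpatched {', '.join(crit)}; blocking may interrupt a live session"))
    if alert["verdict"] == "malicious":
        steps.append(Step("isolate_host", host, False,
                          "network isolation halts any engineering work in progress"))
    steps.append(Step("escalate_to_infosec", host, True, "OT team should not triage malware alone"))
    return steps


# Constructed inventory and alert for illustration.
SAMPLE_ASSETS = [
    OTAsset("plc-line1-01", "AcmePLC", "PX-200", (2, 1, 0), {"eng-ws-01"}),
    OTAsset("plc-line1-02", "AcmePLC", "PX-200", (2, 4, 1), {"eng-ws-01"}),
    OTAsset("plc-line2-01", "AcmePLC", "PX-200", (2, 1, 0), {"eng-ws-02"}),
]
SAMPLE_ALERT = {"host": "eng-ws-01", "verdict": "malicious"}

if __name__ == "__main__":
    for s in build_playbook(SAMPLE_ALERT, SAMPLE_ASSETS):
        print(f"{'AUTO  ' if s.automatic else 'APPROVE'} {s.action:28s} {s.target:24s} {s.why}")
```

The controller on line 2 never appears in the playbook because the alerting workstation cannot program it; that is the point of keeping the asset inventory and the security tooling connected, since without it the only safe response is to stop everything.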

Outsmarting the threat actors 

By developing a long-term remote-working strategy that includes secure remote access and security orchestration and automation, you put yourself on the right track to recover from the current crisis and prepare for future challenges. In addition to software solutions, consult professional industrial security experts on risk assessment, penetration testing, managed detection and response, and incident response to further support your remote-work and digital journey.


For additional information about secure remote access, security orchestration and automation, and professional security services, contact our specialists.