In industries where digitization is impacting every aspect of our lives, it is somewhat surprising that security in operational technology (OT) remains a laggard. Recent attacks on companies in the private sector, and even against nation-states, have shown that basic wiper malware attacks can cause millions in damages and even take down energy grids.
The convergence of IT and OT opens new attack surfaces in the cyber realm. Attackers have quickly learned the value in targeting OT, which can bring business operations to their knees with shutdowns, supply-chain damage, equipment damage, loss of revenue, and health and safety risks. As CISOs gain a seat at the executive table, drawing attention to the inherent cybersecurity risks and vulnerabilities in infrastructure, there is a single priority: to implement an analytics-driven approach to threat detection and mitigation.
Finding a mechanism to collect, store and analyze security, IT and OT data in silos is relatively simple. Practicing an analytics-driven approach to security by collecting relevant data from disparate sources and turning it into actionable intelligence, however, is a whole other matter. Instead of merely watching events after they occur, organizations should anticipate their occurrence and implement measures to limit their vulnerability in real time. Companies that harness their machine data and correlate that with IT and OT information are successful in detecting and mitigating tangible threats.
For security analysts, aggregating and prioritizing threat intelligence from multiple sources to enhance security investigation is key. Data generated from IoT devices will enable businesses to take action in real time. This device-generated data has the potential to supplement existing data sources with key evidence in real time, highlighting potential vulnerabilities in systems. IoT data provides a whole new lens to security analysts: a real-world view that supports a proactive stance on investigating and responding to a breach or infection.
When it comes to data, one thing is certain: Maintaining a strong security posture on what’s taking place in your network at any given moment is now a necessity, and establishing a comprehensive inventory of OT cyber assets is vital. As a decision-maker, making the shift from perimeter-based security to using data from across systems, including sensor-based/IoT device data in the decision-making process, will be crucial to addressing operational agility and ensuring resiliency when the next attack occurs.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.