Cybercriminals Shift Tactics Against OT Networks

Most of the focus on security during the COVID-19 pandemic has been on employees working from home, accessing applications in the cloud or running on local servers in an office. However, a survey of 1,100 IT and operations technology (OT) professionals conducted by Claroty, a provider of a platform for securing OT environments, finds 67% of respondents are seeing a shift in the tactics cybercriminals employ to launch cyberattacks.

The survey finds more than half of industrial enterprises in the U.S. (53%) have seen an increase in cybersecurity threats since the start of the COVID-19 pandemic, with an almost equal number reporting their organization is now more of a target.

Claroty CEO Yaniv Vardi said most of the shift in tactics is focused on stealing credentials that provide access to OT systems. With more IT staff working from home, he said, cybercriminals are launching attacks intended to capture passwords for OT systems that IT personnel are now remotely logging into to manage.

The top five industrial sectors most vulnerable to a cyberattack are manufacturing (15%), building management systems (13%), electric utilities (13%), pharmaceuticals (12%) and consumer goods (12%).

Nearly two-thirds (65%) also noted their IT and OT networks have become more interconnected since the pandemic began, and 73% said they expect them to become even more interconnected as a result. The survey also finds 44% of respondents believe their OT networks are less secure than their IT networks.

Securing those networks is now more challenging than ever because of the pandemic, with 62% of respondents noting it has become harder to collaborate with their IT or OT counterparts.

Overall, the survey finds a quarter of respondents reporting their top cybersecurity executives did not have a pre-existing response plan to address the pandemic. A similar percentage (26%) said their organization struggled with the shift to a dispersed workforce, with 22% noting their organization did not have a pre-existing secure remote access solution in place beyond a virtual private network (VPN).

Today 88% report that their organization has updated its cybersecurity crisis response to address remote workforce requirements, with 84% expressing confidence in their ability to address another major disruption. A total of 60% believe that their CISO has shown good leadership, with 88% noting their organization’s leadership made cybersecurity a priority during the pandemic. The survey also credits most CISOs with providing the proper training resources for working within a dispersed organization.

If they have not already, Vardi said organizations of all sizes should revisit their approach to OT security. Industrial networks represent high-value targets that can provide cybercriminals access to critical infrastructure, he noted.

The challenge, of course, is most IT teams are overwhelmed. Most are still struggling to secure IT environments that now include both systems owned by employees and the wireless networks being used to remotely access a wide range of corporate applications. It’s easy to overlook OT systems that might not show any signs of being compromised until the malware is activated months from now. The hope is, of course, that whatever damage is inflicted can be kept to an absolute minimum by better securing credentials and neutralizing as much malware as possible before it is activated.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.