3 Cybersecurity Challenges for Remotely Operating Critical Systems

In 2020, the popular mantra “work hard anywhere” transitioned from the defining ethos for independent workers to an operational necessity, and a cybersecurity challenge, for every company.

According to Gallup, more than 60% of all employees have started working remotely since the onset of the pandemic in March 2020. A significant portion plan to continue working off-site for the foreseeable future.

Therefore, remote work and the technologies supporting it have become mission-critical, especially with regard to industrial control systems (ICS) and other operational technology (OT), which help companies ensure continuity amidst a global pandemic, prolific natural disasters and other prominent disruptions. In a real way, remote operations capacity was the lifeline that many companies needed to weather last year’s challenges. It made industries resilient when the challenges could have been devastating.

Unfortunately, many of those challenges will remain relevant for the foreseeable future. Therefore, remote operations will play a prominent role in the future of work, giving organizations the flexibility they need to thrive under any circumstances.

Remote work has evolved into its own operational standard, which means that organizations need to grapple with its cybersecurity risks now so they can mitigate those risks and maximize value from this transition. As companies prepare for the year ahead, here are three risks worth addressing now.

Challenge #1: People

Regardless of the workplace environment, a company’s own employees are one of its primary cybersecurity risks. The vast majority of data breaches and security incidents are caused, in part, by employee accidents.

These risks are amplified when remotely operating critical infrastructure, where everything from a propensity to mix personal and professional technology to unsecured internet connections puts data at risk.

Therefore, companies that prioritize cybersecurity must empower their employees to perform their jobs securely. This might include:

  • comprehensive cyber risk training
  • clearly communicated file management practices and
  • coordinated technology that provides secure access to company systems and customer data.

At the same time, deploying proper oversight in a remote environment, through session monitoring and other initiatives, can keep everyone accountable, regardless of location. While external threat actors abound, every organization can significantly reduce its exposure by empowering its people to be cybersecurity assets rather than liabilities.

Challenge #2: Access

For the last two decades, companies have invested heavily in securing remote user access to critical systems and data through multiple vendor infrastructure tools such as firewalls and virtual private networks (VPNs). The onset of the pandemic in 2020 meant most companies had – and have – many more remote users than on-campus network users. The need to protect remote user access to these systems requires better user access visibility and stronger controls than “trust the network” VPNs offer.

In addition, legacy remote access technologies were designed to protect access to sensitive data and personally identifiable information (PII), not to interface with and operate critical OT and ICS assets remotely. What’s more, hackers have proven their ability to infiltrate these defenses and conduct malicious activities amidst unsuspecting organizations.

One approach for companies relying on remote operations capacity is to seek out zero-trust operational solutions to authenticate users on a standard browser before they can access authorized assets. The underlying process ensures your team harnesses existing protections, like HTTPS/SSL protocols, while also employing protocol isolation, VDI, multi-factor authentication and mediated unidirectional file transfer on a per-asset basis. Time- and location-based access controls and user access monitoring and recording should also be implemented for more secure connections between remote employees and critical infrastructure.
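The per-asset checks listed above (an authenticated user with MFA, time- and location-based controls, and access recording) can be sketched as a default-deny policy evaluator. This is an added example, not code from the article or from any product it mentions; the class and field names, the asset name and the addresses are hypothetical, and "location" is assumed here to mean the source network of the session.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class AssetPolicy:
    # Hypothetical per-asset rule; field names are assumptions for this sketch.
    users: frozenset      # accounts allowed to reach this asset
    networks: tuple       # CIDR ranges a session may originate from
    start: time           # window opens (inclusive)
    end: time             # window closes (exclusive)
    weekdays: frozenset   # 0 = Monday ... 6 = Sunday

@dataclass(frozen=True)
class Request:
    user: str
    asset: str
    source_ip: str
    when: datetime
    mfa_verified: bool

# Constructed sample policy (made-up asset name, documentation address range).
POLICIES = {"plc-line-3": AssetPolicy(
    users=frozenset({"alice"}), networks=("203.0.113.0/24",),
    start=time(6, 0), end=time(18, 0), weekdays=frozenset({0, 1, 2, 3, 4}))}

def decide(req, policies=POLICIES):
    """Return (allowed, reason). Default deny: every check must pass."""
    policy = policies.get(req.asset)
    if policy is None:
        return False, "no policy for asset"
    if req.user not in policy.users:
        return False, "user not authorized for asset"
    if not req.mfa_verified:
        return False, "MFA not completed"
    try:
        src = ip_address(req.source_ip)
    except ValueError:
        return False, "unparseable source address"
    if not any(src in ip_network(net) for net in policy.networks):
        return False, "source network not allowed"
    in_hours = policy.start <= req.when.time() < policy.end
    if req.when.weekday() not in policy.weekdays or not in_hours:
        return False, "outside permitted time window"
    return True, "allow"

def audit(req, policies=POLICIES):
    # Record every decision, allowed or denied, so access can be reviewed later.
    allowed, reason = decide(req, policies)
    return {"ts": req.when.isoformat(), "user": req.user, "asset": req.asset,
            "src": req.source_ip, "allowed": allowed, "reason": reason}
```

Denials carry a reason string so that the audit record shows which control stopped a session, not just that one was refused.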

Challenge #3: Flexibility

Many companies have spent millions of dollars outfitting their infrastructure to repel pernicious cybersecurity threats. However, when circumstances change, inflexible solutions create profound vulnerabilities.

The COVID-19 pandemic has highlighted vulnerabilities in complex, legacy integrated remote access, reminding everyone that circumstances can change overnight, and successful organizations must be ready and willing to adapt. Ready-to-deploy, cyber-secure remote operations capacity can help companies remain operational in any environment without compromising mission-critical OT.

While we are all glad to have 2020 behind us, the new year is unlikely to offer a respite from our previous challenges. Many problems will remain stubbornly durable, and new ones will undoubtedly emerge. However, as we apply the lessons learned to the months and years ahead, we are developing stronger, more resilient organizations that are ready to navigate new roads wherever they may lead.

Remote operations cybersecurity is a crucial pillar for these efforts, and it’s a priority worth preparing for now.


Bill Moore

Bill Moore is the CEO and Founder, XONA, providers of a unique “zero trust” user access platform especially tailored for remote Operational Technology (OT) sites. Bill is currently working with global energy and manufacturing customers to reduce their remote operations costs and cyber risks. Bill brings more than 20 years’ experience in security and the high-tech industry, including positions in sales, marketing, engineering and operations.
