OT Cybersecurity: Why Threat Intelligence Is a Must-Have Tool in Your Security Arsenal

By Ilan Barda, CEO, Radiflow.


No matter a company’s size, industry, or location, cybersecurity is an issue that looms large. Unfortunately, cyberattacks have plagued companies of all types for quite some time now, with no sign of letting up. In fact, Check Point Research recently found that global cyberattacks increased by 38% between 2021 and 2022. Specifically, the U.K. and U.S. saw the biggest increases, recording jumps of 77% and 57%, respectively, between the two years. Additionally, while IT systems have traditionally been the main focus of cyberattacks, threats to operational technology (OT) systems are also on the rise. According to McKinsey, attacks on OT systems have been increasing since the beginning of the pandemic, with reported attacks ballooning by 140% between 2020 and 2021.

There are a number of reasons why OT systems have become a more common target recently. An industry-wide increase in digitalisation has played a big role, as has the addition of more remote access points; both factors introduce more possible attack vectors. Additionally, OT systems, which are traditionally run by engineers who prioritise factors like safety and uptime, have historically lagged behind in cybersecurity practices.

However, with the prospect of devastating cyber-attacks on industrial operations – think shutdowns, outages, and other threats to public safety – OT cybersecurity can no longer be an afterthought.

 

The role of threat intelligence

 

Given today’s high stakes, companies must devise an OT cybersecurity strategy and make it part of their overall business plan, to ensure the ongoing safety and health of their operations, employees, and end-users. As part of this, many companies are turning to threat intelligence (TI) to help minimise risk. Making TI part of your cybersecurity strategy is important; however, before jumping in, it’s critical to understand the different types of TI and what each can deliver, so as to avoid misusing them.

 

There are three different types of TI to consider: tactical, operational, and strategic:

● Tactical TI pertains to domains, IP addresses and file hashes, and is generally utilised through security sensors. Tactical TI feeds are important for updating a company’s investigative or monitoring sensors, such as firewalls.

● Operational TI is used by incident responders to share details on how attacks are conducted and to ensure all defence capabilities are up to date. This type of TI is usually gleaned from technical papers or communications with colleagues who have observed attacker behaviour.

● Strategic TI pertains to a higher-level assessment of the threat landscape and is used to help inform managers of current and future risks. This type of intelligence helps organisations better understand the likelihood and consequences of potential attacks so they can accurately allocate funds and resources toward risk mitigation.
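Tactical TI only pays off once a feed is actually applied to a sensor, and that step is where most practical problems sit: feeds mix cases and trailing dots in domains, list bare hosts next to CIDR blocks, and occasionally contain malformed or internal-range entries that would either be missed or flood an OT network with noise. The following Python is an added example (not Radiflow's code or any product's API) of ingesting a small constructed feed of domains, IP ranges and file hashes, normalising it, and matching it against constructed firewall, DNS and file-monitor log lines; the feed values and log lines are placeholders, not real indicators.

```python
"""Ingesting a tactical threat-intelligence feed and matching it against OT
network logs. Added example, not Radiflow's code or any product's API; the
feed entries and log lines below are constructed for illustration."""
import ipaddress
import re

# Ranges an external feed should never name: an indicator inside RFC1918 or
# loopback space is not globally meaningful and would only generate noise.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed feed (placeholder values, not real indicators). The last two
# entries are deliberately bad and must be rejected during ingestion.
INDICATOR_FEED = [
    {"type": "domain", "value": "Updates.Example-Bad.test.", "source": "feed-a"},
    {"type": "ipv4",   "value": "203.0.113.0/24",            "source": "feed-a"},
    {"type": "ipv4",   "value": "198.51.100.7",              "source": "feed-b"},
    {"type": "sha256", "value": "AB" * 32,                   "source": "feed-b"},
    {"type": "ipv4",   "value": "10.10.5.1",                 "source": "feed-c"},
    {"type": "sha256", "value": "not-a-hash",                "source": "feed-c"},
]

# Constructed log lines (key=value fields) from an OT-zone firewall, a DNS
# resolver and a historian's file monitor.
LOG_LINES = [
    "2024-03-01T10:00:01Z fw01 allow src=10.10.5.21 dst=203.0.113.44 dport=443",
    "2024-03-01T10:00:02Z fw01 allow src=10.10.5.21 dst=10.10.5.1 dport=502",
    "2024-03-01T10:00:03Z dns01 query=updates.example-bad.test from=10.10.5.30",
    "2024-03-01T10:00:04Z hist01 file=plc_fw.bin sha256=" + "ab" * 32,
    "2024-03-01T10:00:05Z dns01 query=mail.updates.example-bad.test from=10.10.5.31",
]

HEX = set("0123456789abcdef")
KV_RE = re.compile(r"(\w+)=(\S+)")


def normalise(kind, value):
    """Canonicalise one indicator so feed formatting differences cannot cause misses."""
    value = value.strip()
    if kind == "domain":
        return value.lower().rstrip(".")            # case- and trailing-dot-insensitive
    if kind == "ipv4":
        net = ipaddress.ip_network(value, strict=False)   # a bare host becomes /32
        if any(net.overlaps(r) for r in INTERNAL_RANGES):
            raise ValueError("indicator inside internal address space")
        return str(net)
    if kind == "sha256":
        digest = value.lower()
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError("malformed sha256")
        return digest
    raise ValueError(f"unsupported indicator type {kind!r}")


def build_index(feed):
    """Turn raw feed entries into per-type lookup tables (value -> source).
    A bad entry is skipped, so one malformed line cannot block a sensor update."""
    index = {"domain": {}, "ipv4": {}, "sha256": {}}
    for entry in feed:
        try:
            kind = entry["type"]
            index[kind][normalise(kind, entry["value"])] = entry["source"]
        except (KeyError, ValueError) as exc:
            print(f"skipping feed entry {entry!r}: {exc}")
    return index


def match_line(line, index):
    """Return (field, indicator, source) for every indicator this log line hits."""
    fields = dict(KV_RE.findall(line))
    hits = []
    for field in ("src", "dst"):
        if field not in fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[field])
        except ValueError:
            continue
        for net_text, source in index["ipv4"].items():
            if ip in ipaddress.ip_network(net_text):
                hits.append((field, net_text, source))
    for field in ("query", "host"):
        if field in fields:
            name = fields[field].lower().rstrip(".")
            for domain, source in index["domain"].items():
                # exact match, or a subdomain of the listed domain
                if name == domain or name.endswith("." + domain):
                    hits.append((field, domain, source))
    if "sha256" in fields:
        digest = fields["sha256"].lower()
        if digest in index["sha256"]:
            hits.append(("sha256", digest, index["sha256"][digest]))
    return hits


def scan(lines, index):
    """Run every log line through the indicator index; keep only lines with hits."""
    results = []
    for line in lines:
        hits = match_line(line, index)
        if hits:
            results.append((line, hits))
    return results
```

Running `scan(LOG_LINES, build_index(INDICATOR_FEED))` flags four of the five lines: the firewall connection into the listed /24, the two DNS queries (the second only because the matcher treats subdomains of a listed domain as hits, a choice worth revisiting for feeds that list apex domains of shared hosting), and the file whose hash matches; the Modbus connection to an internal address is left alone, and the two bad feed entries are reported and dropped rather than loaded into the sensor.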

Understanding the whole picture

 

Each type of TI contributes important information to breach simulations. Combining data from all three TI types can help deliver a more holistic view of the threats facing a specific sector or region. In some cases, TI can even provide some quantitative data on the overall impact of a potential cyberattack or the predicted frequency of attacks. However, while combined TI delivers critical information, it does not offer insight into how vulnerable a user’s network is to specific threats. As such, relying solely on TI leaves information gaps that could lead to misdirected security investments.

 

To get a firm grasp on a network’s potential weaknesses, security managers must conduct a full OT security assessment to reveal and map out its topology, vulnerabilities, security controls, and more. These properties are unique to each network and have a direct impact on which threats are most likely to compromise the system. Well-modelled networks enable risk officers to better understand the network properties and security controls in place, and to effectively evaluate which threats are most concerning and how likely an event is.

There’s no doubt that cyber threats pose a tremendous challenge for OT operators, and with attacks on the rise, cybersecurity must be a top priority. Threat intelligence is an important part of an effective OT cybersecurity strategy. While it is only one piece of the threat mitigation puzzle, it is an essential one that cannot be ignored. Managers of OT systems must understand the different types of TI at their disposal, their roles and nuances, and how to effectively use them in tandem with other network intelligence sources to provide holistic protection.

As the industry faces an ongoing onslaught of cyber threats, risk mitigation and security must be placed front and centre. Understanding TI and incorporating it into cybersecurity strategies will go a long way toward providing much needed protection and thwarting potentially crippling attacks.
