Operational Technology (OT) Security meets Ransomware: An underestimated security risk

Ransomware is not a new phenomenon. But increasing specialisation and professionalisation, together with offerings such as "Ransomware-as-a-Service", make it easier than ever to plan and execute attacks meticulously. Attacks of this kind have become a steadily growing line of business for a growing number of professional attackers. According to estimates, the annual global damage amounts to tens of billions of euros.

OT security gains in importance

Most discussions about the right measures to defend against ransomware attacks still focus on the IT landscape in general. But attacks on OT systems, which are often far less well secured, are increasing. One reason is that the separation between IT and OT that once existed is disappearing as the two are networked together in the course of Industry 4.0 and the Internet of Things.

Hardly anything works in industry today without such OT components (controllers, sensors and the systems that supervise them), yet the risk that arises when they are connected to the company's own network or to the Internet, which is now the norm in a networked world, is often underestimated. Consequently, the number of devices that are not protected at all, or only inadequately, keeps growing.

Not to be forgotten: the physical security of freely accessible devices often needs upgrading as well, so that a malicious insider cannot cause irreparable damage from the inside with little effort. This is an underestimated challenge, and one that operators of critical infrastructure in particular have to face.

For industry, this development poses a serious threat. Successful attacks not only cause the loss of important data and lead to extended downtime; in the worst case they can have far-reaching, often disastrous effects on production, and attacks on critical infrastructure can cause problems for entire regions.

OT can also serve as a propagation vector for ransomware and other malware, not only paralysing the company's own IT but also putting the entire production chain at risk.

Multi-layered security architecture prevents nasty surprises

To adequately protect one's own OT, it is not sufficient to rely on regular patches and firmware updates from the often numerous external manufacturers. Since OT landscapes are usually highly individual, the current state of the existing system should be established together with experienced experts. Then, based on a detailed examination of the documentation, configurations, installations, systems and components, a complete list of vulnerabilities and threats can be drawn up. The goal is to identify the critical and relevant security gaps and to develop a multi-layered security architecture that covers the whole OT landscape and structures it logically, so that vulnerabilities can be closed and devices that cannot be fixed directly are still protected.

Components that are indispensable for continuous operation, and which therefore cannot be shut down even temporarily, must be secured with particular care. Many devices were never designed to be connected to IT networks and do not meet modern security requirements. Building a secure and resilient security architecture around them is therefore often a major challenge that requires experts with in-depth knowledge. Our OT-Security team is always ready to help and advise you.

Get in touch with our experts