Intelligent CISO Issue 67 | Page 18

cyber trends
Magpie Graham, Intel Capability Technical Director at Dragos, shares his thoughts on the growth and evolution of the European operational technology (OT) threat landscape. From activities by threat groups to identifying a threat landscape, he outlines critical controls and essential pillars for organisations building a robust cybersecurity strategy, the importance of building defensible architectures and stresses the need for comprehensive monitoring to enhance overall security posture.

What is the history of the threat landscape in Europe and how has this evolved over the years?

Within the threat landscape, computer network operations (CNO) don’t typically occur exclusively within IT or OT. Most often, it is an IT compromise that leads to an impact on the OT environment. The rise of cybercrime is probably the most notable trend we have experienced in Europe over the last decade.
Looking back on my career over the years, there has been an upward shift in the availability of tools, the ease of acquiring exploits and the motivation of cybercriminals to employ ransomware and extortion campaigns that create the most negative impacts on organisations.
In the realm of OT, we’ve seen an 87% increase in ransomware attacks against industrial organisations and a 35% rise in the number of threat groups in 2021.

Understanding the evolution and growth of the European OT threat landscape

The impact on OT is substantial due to several factors.
The first is a lack of readiness. On the IT side, we’re prepared to reimage machines and remove infections, but the OT side faces different challenges like safe shutdown and start-up, which are critical concerns owing to safety being paramount within industrial environments. Additional elements like cloud-based attacks and supply chain vulnerabilities have also shaped the threat landscape. OT is somewhat shielded from these as it is not as connected to the cloud, although it is gradually changing, and with increasing use of ubiquitous software libraries, the software bill of materials (SBOM) is a real cause for concern – as the Log4j vulnerability demonstrated.
Supply chain attacks are always concerning owing to the lack of visibility a downstream customer has, but connectivity between supplier and industrial networks is typically limited. However, vendor control over devices and those connections home do pose risks, particularly demonstrated when engineers visit customer environments and may circumvent network egress monitoring and protection efforts using cellular modems.
Attacks against perimeter devices affect both IT and OT, but the OT space has felt the impact more so over the last few years due to the global pandemic. With remote work, external access through VPN concentrators has increased, thereby exposing both environments to potential threats.