Operational technology (OT) systems form the technological foundation of many companies and are indispensable for the operation of critical infrastructures in particular. Without them, the smooth running of industrial plants and other modern environments would be almost inconceivable. Despite their fundamental vulnerability to cyberattacks, OT systems are relatively rarely targeted directly by cybercriminals, as a recent press release from cybersecurity provider Sophos shows.
"Most cyberattacks on OT systems do not occur on the OT systems themselves," says Chester Wisniewski, Global Field CTO at cybersecurity provider Sophos. "They almost always start with a breach on the IT side. IT systems are more exposed to the internet, making them an easier entry point for cyber attackers. That's why protecting IT is a top priority when it comes to keeping OT systems secure."
OT disruptions were not targeted OT attacks
Cyberattacks that reach OT systems in critical infrastructure, manufacturing or transport through vulnerabilities and gaps in traditional IT can cause significant disruption and, as a result, major financial losses. "The biggest OT disruption incidents we have experienced from cyberattacks - for example, NotPetya and WannaCry - were not targeted OT attacks. They were IT-based infections that also spread into OT environments," says Chester Wisniewski. For this reason, strong segmentation, isolation and security frameworks such as ISA/IEC 62443 are crucial. According to the company, the best defence for both industry and critical infrastructures is to separate IT and OT as much as possible and to secure the network.
Two cybersecurity components can make all the difference
In addition to network segmentation, an effective IT security ecosystem and active update and patch hygiene for all IT and OT systems, two other cybersecurity components can make the decisive difference when it comes to protecting OT systems: Network Detection and Response (NDR) and Zero Trust Network Access (ZTNA).
With the help of artificial intelligence, NDR detects malicious activity deep inside the network that endpoint protection solutions and firewalls cannot see. NDR continuously analyses network traffic for suspicious patterns - for example, unusual activity originating from unknown or unmanaged devices, unauthorised assets, new zero-day attacks and unexpected data movement. A high level of automation immediately triggers response actions to isolate the malicious activity and at the same time notifies human analysts, who investigate the case and eliminate the threat across the network.
With ZTNA, the principle is: trust nothing and nobody, verify and authenticate everyone and everything. This ensures a very high level of security for all access to system resources in your own network. Everyone who wants to access resources is verified, and the security posture of the accessing device is checked as well. In addition, users are only granted access to the resources and applications that are required for their tasks. These measures ensure that an attacker's attempts at surreptitious access to the network are prevented with minimum effort and maximum efficiency.