Manufacturing may well have become increasingly 'smart' but as ‘things’ have become more connected to the network, they’ve become more exposed to bad actors. A recent study by TrapX Security in collaboration with the Enterprise Strategy Group (ESG), found that more than half (52 percent) of manufacturing organizations admit operational technology is vulnerable to cyber-attack.
As a result of the pandemic, the global workforce has needed to adapt to a work-from-home environment, and this did not bypass the industrial sector. Engineers are now remotely accessing networks and devices instead of making on-site visits. Remote staff are more vulnerable to social engineering attacks. Security teams are now charged with securing converged, but quite different, information technology (IT) and operational technology (OT) environments.
Firmware is different than software.
Controllers and turbines are different than laptops and database servers.
Despite this, security teams often use the same tools and processes for both environments, and they are getting poor results. This multi-faceted converged infrastructure demands a multi-faceted approach to threat detection and response, and that approach is flawed without deception.
Square Peg – Round Hole
The research revealed that almost half (49 percent) of organizations surveyed had, unsurprisingly, moved to IT and OT infrastructures that are tightly integrated; 77 percent expect further convergence in the years to come. This is great for the manufacturing industry as it becomes more agile; however, only 41 percent of organizations could confirm they employ OT specialists within the IT security team. The remaining 59 percent are protecting an unfamiliar environment of throughput, uptime, regulation and business requirements.
Like a square peg in a round hole, IT security technology is at once too invasive and too limited for OT environments. It simply doesn't fit, and the results are alarming. Threat detection and response teams are overwhelmed by the volume of security data that needs to be analyzed. Some 53 percent of the security teams questioned said their operations workload exceeded staff capacity; 45 percent said the collection and processing of security telemetry had increased; and 43 percent said the same for security alert volumes.
Throw in that, for just under half of those asked, the ever-evolving nature of threats made detection and response more difficult, and security teams increasingly find themselves dancing in the dark.
This lack of meaningful visibility leaves a dangerous blind spot when it comes to effective threat detection and response; especially as far as OT assets are concerned. Simply throwing ever more of the same old security tools at the problem just makes it worse. Complexity is the enemy of security after all, and expanding security teams with more staff without addressing the visibility problem is futile. The research showed that 37 percent understood they need to improve visibility of malicious OT activity and 36 percent want to improve their understanding of OT-focused threat intelligence.
So, what is the answer? Faking it could be the key to unlocking manufacturing industry security success by shining a light that illuminates threat activity wherever it may strike. And that's where deception technology comes in.
Forget What You Think You Know
The more security-minded may think they’ve seen this honeypot movie before, but like many other concepts (see virtualization) modern technology gives old ideas new life. Our honeypot ancestors were designed to draw attackers in so defenders could observe and learn. They were effective in doing that, but simply too complex for any other use case.
Modern deception technology is entirely different. It is flexible enough to revamp a conventional security stack with an active defensive layer that delivers an early warning while it buys defenders time by misleading attackers. It is also lightweight enough to deploy traps without limits, so that valuable assets such as applications, databases, and yes, even controllers and turbines, can hide in a crowd. Simply put, more traps equals less risk.
While the tangled web idiom of Scott's epic 19th century poem 'Marmion' exposes the problematic nature of lies, the 21st century reality is quite different when it comes to cybersecurity and deception technology. By establishing a veritable web of decoy assets, credential traps and sensitive data lures, attackers that have penetrated the network perimeter stand an overwhelming chance of getting trapped.
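The reason decoys give an early warning is that no legitimate workflow ever touches them, so any interaction is a high-fidelity signal rather than one more alert to triage. The following added example (not code from TrapX or the original article) runs that detection logic over a few constructed connection and authentication log lines; the decoy host inventory, honey-credential names, and log format are all assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical decoy inventory (constructed for this example): decoy PLC/HMI
# addresses and honey-credentials that no real engineering workflow uses.
DECOY_HOSTS = {"10.20.5.201": "decoy-plc-07", "10.20.5.202": "decoy-hmi-02"}
HONEY_CREDS = {"svc_backup_legacy", "plc_admin_old"}

# Assumed log format: "<ts> <src> -> <dst>:<port> conn|auth [user=<name>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)"
    r" (?P<event>conn|auth)(?: user=(?P<user>\S+))?$"
)


@dataclass
class Alert:
    ts: str
    src: str
    reason: str


def detect_decoy_interactions(lines):
    """Return one Alert per log line that touches a decoy host or uses a honey-credential."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skipped, not treated as an alert
        if m["dst"] in DECOY_HOSTS:
            # Any traffic to a decoy is suspicious regardless of event type.
            alerts.append(Alert(m["ts"], m["src"],
                                f"touched decoy {DECOY_HOSTS[m['dst']]} on port {m['port']}"))
        elif m["event"] == "auth" and m["user"] in HONEY_CREDS:
            # A honey-credential used anywhere means it was harvested from a lure.
            alerts.append(Alert(m["ts"], m["src"],
                                f"used honey-credential {m['user']} against {m['dst']}"))
    return alerts


# Constructed sample log: a real Modbus session, then a decoy probe and a honey-credential login.
SAMPLE_LOG = [
    "2021-03-01T02:14:07Z 10.20.5.40 -> 10.20.5.10:502 conn",
    "2021-03-01T02:14:09Z 10.20.5.40 -> 10.20.5.201:502 conn",
    "2021-03-01T02:15:30Z 10.20.5.40 -> 10.20.5.10:22 auth user=plc_admin_old",
    "2021-03-01T02:16:00Z 10.20.5.41 -> 10.20.5.10:22 auth user=engineer1",
]

if __name__ == "__main__":
    for a in detect_decoy_interactions(SAMPLE_LOG):
        print(f"{a.ts} ALERT src={a.src}: {a.reason}")
```

Only the two lines involving a decoy or honey-credential produce alerts; the legitimate traffic to the real PLC is silent, which is the visibility gain the article describes.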
Security teams know this already: the research showed that 44 percent of respondents consider deception technology invaluable in aiding threat research; 56 percent for threat detection; and 55 percent were already using it in some form. Yet 44 percent cling to old notions of honeypots and have failed to make the connection between deception technology and increased attack visibility - still dancing in the dark, it seems.
A multi-tiered threat detection and response approach is vital if organizations are to successfully navigate the manufacturing threat landscape of 2021, which means that deception technology alone is not going to provide the security posture needed to fully protect those OT assets that are critical for business operations.
Nobody has ever said that threat detection and response is easy. However, it can be made less difficult. The time has come for "faking it" to not only be recognized as an essential defensive component, but also one that will improve your security position without disrupting existing systems.