Security Breach: Legacy Mindsets Are Helping Hackers Weaponize Networks

Embedded security and "design for patching" will be vital in defending against new-age attacks.

So, my daughters like to give me a hard time about growing old. 

Said another way, I’m a legacy asset - just like most of the devices many of you observe, manage and secure every day. Your machines are still in place because they work. While the technology around these assets has evolved, their core functionality and value to the production process has remained constant. 

But as sensors, network connections and access parameters have been upgraded to improve output, these highly prized pieces of equipment are showing their age from a cybersecurity perspective. The challenges they present are reinforced with findings from Fortinet’s 2024 State of Operational Technology and Cybersecurity Report. 

A couple of key takeaways include findings that show nearly one-third of respondents experiencing six or more intrusions in the last year. Additionally, fewer respondents claimed 100 percent OT system visibility – with that number decreasing from 10 to five percent. On the bright side, we’re getting better in some areas, with 20 percent of organizations establishing visibility and implementing segmentation, up from only 13 percent the previous year.

Joining us to discuss these and other trends is Jon Taylor, Director and Principal of Security with Versa Networks, a leading provider of digital transformation and edge security solutions. Watch/listen as he discusses:

  • Why the Purdue model might re outdated and preventing many from using new strategies like SASE.
  • Why he believes visibility is security - "you have to see it  do defend it," and how AI could be the solution.
  • The need for OT to look at vulnerabilities from a network or architecture perspective, not by device or connection point.
  • How air gapping help feed the division between IT and OT.
  • The weaponizing of OT networks stems from the lack of an adaptive network strategy fed by archaic infrastructure.
  • Instead of Security by Design, we need to implement Patching by Design.
  • Why the industrial sector needs to be more vocal about the need for embedded security and embedded micro-segmentation.
  • How state-sponsored hackers are helping elevate the industrial sector's response and prioritization of cybersecurity.

To catch up on past episodes, you can go to Manufacturing.netIEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected]

To download our latest report on industrial cybersecurity,  The Industrial Sector’s New Battlefield, click here.

More in Software