Security Breach Eric Sorensen

How a greater focus on new and legacy OT connections could alter the cybersecurity battlefield.

Everything old … is new again. While that might seem like a natural lead-in for discussing hacker tactics, that same mantra rings true when discussing OT technology. Mordor Intelligence recently reported that U.S. manufacturing spent over $307 billion on digital transformation technologies last year, and nearly every research and consulting outlet around the world is predicting that those numbers will rise in 2024. 

All this new software, connectivity, automation and equipment creates a familiar challenge when it comes to OT cybersecurity. This meshing of the old and new is something our guest for this episode is all too familiar with, and he’s here to break down everything associated with bringing legacy and next-gen together. 

Listen as Josh Williams, Strategic Account Manager at IriusRisk, offers his thoughts on secure-by-design, as well as:
How the industrial sector gets a C- when it comes to securely integrating new technology into the OT landscape.Why the onus for secure-by-design concepts resides with the buyer.How monitoring became a critical vulnerability.The double-edged sword of connectivity.How state-sponsored hackers are a threat to more than just political targets.Why industrial OT is the front line in the cyber war.Why he doesn't want to be the "old man yelling at the clouds.".How supply chains have become manufacturing's biggest cyber concerns.To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

The good, the bad and the ugly of mobile device security in the expanding OT attack landscape.

Included in the challenges associated with securing an ever-expanding OT attack surface is the role played by the increasing use of mobile devices – at both the enterprise and individual level. In fact, according to a recent report from Imprivata, only 46 percent of manufacturing organizations have the ability to maintain control over who has access to such devices and when, and 61 percent are using shared pin numbers to secure these devices. 
Additionally, an average of 16 percent of these devices are lost each year, costing organizations over $5M annually, not to mention the collateral damage from a security perspective.  This translates to an opportunity for hackers to unleash catastrophic damage by leveraging any vulnerabilities in areas like remote monitoring, and potentially new ways to worm into the networks associated with controlling your machines and systems.

Watch/listen as Joel Burleson-Davis, SVP of Cyber Engineering at Imprivata, returns to Security Breach to discuss OT mobile device security, as well as:
The journey the industrial sector has made from devices that were never intended to be connected, to what Joel describes as OT "super connectivity".Why OT continues to be an easy target for hackers.The evolution of hacking groups.How we might be over-doing all the connectivity.The double-edged sword that is mobile use in the industrial sector.Avoiding 'mobile defeatism'.Combatting the growing number of dwelling or living-off-the-land attacks.To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

It's not always about the ransom, data theft or denial of service.

Many cheered with the recent crackdowns  on groups like LockBit, and rightfully so. However, the harsh reality is that most of these victories are short-lived. For example, after law enforcement seized control of multiple LockBit websites and stolen data, the group was back to running extortion campaigns within a week.

And the same can be said for many other high-profile busts of groups like Hive and Volt Typhoon. These groups re-build or re-brand, as was the case with the Conti Group offshoot Black Basta. After Conti disbanded, Black Basta reformed from the ashes and tallied over $100 million in ransomware payments last year. 

My point is not to belittle the incredible work that global agencies are performing, but to illustrate that while the industrial sector continues to make tremendous gains - the war continues. And as we evolve and improve, so will the bad guys. 

And perhaps no one knows this better than our guest for this episode - Rod Locke. He’s the director of project management at Fortinet, a leading provider of OT cybersecurity solutions. Watch/listen as Rod shares his thoughts on:
The growing influence of state-sponsored hacker groups.The rise of dwelling or live-off-the-land attacks and how some hackers are more focused on learning about their victims than harming them.Why OT can't always place the blame on IT, and the value in understanding both environments.How some regulatory efforts might have "swung too far."How to attract more "unique individuals" to cybersecurity.An anticipated rise in cloud infrastructure and the ways it will impact data security.To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

How we're failing to properly support and train our most important cybersecurity asset.

According to Nozomi Networks February 2024 OT-IoT Security Report, manufacturing was exposed to more common vulnerabilities and exposures, or CVEs, than any other sector - realizing a 230 percent year-over-year increase in this area. Addressing even a fraction of these CVEs would be daunting, which is why understanding your assets is so basic, but so vital in establishing priorities and implementing approaches best suited to your security needs. 
To discuss these topics, and more, we welcome Jeff Nathan, Director of Detection Engineering at Netography, a leading provider of network security solutions, to the show. Watch/listen as he discusses:
How social engineering tactics play a key role in manipulating emotional responses that trigger certain actions.The phishable weaknesses of MFA, and how its workflow might not be strengthening your security posture.Limiting your blast radius.The potential of encrypting endpoint data.Why cybersecurity needs to take a more scientific approach to defensive tactics.The industry's biggest miss on AI.To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

Threat intelligence is important, but why manufacturers should focus on risk factors first.

When it comes to the industrial sector’s ongoing cybersecurity challenges, we all know that there's more to defend, but what is most concerning is that we’re not responding quickly enough to the expanding threat landscape. In case you needed proof, here are some of the recent stats from Dragos 2023 Year in Review Report. It found that:
80 percent of industrial sector vulnerabilities reside deep within the ICS network, making them difficult to see and harder to kick out.53 percent of the advisories Dragos analyzed could cause both a loss of visibility and control.Ransomware attacks against industrial organizations increased by 50 percent last year, and Dragos tracked 28 percent more ransomware groups focused on the ICS/OT environment.Attacks were confirmed in 33 unique manufacturing sectors.74 percent of all vulnerability advisories had no mitigation strategy.I’m not going to promise solutions for all of these challenges, but we’ve definitely found a guy interested in trying. Scott Sarris is an Information Security, Compliance and Privacy Solutions Advisor at Aprio, a leading advisory and business consulting firm. Watch/listen as we discuss:
Why OT could affectionately be known as "Old Tech".The political factors impacting IT/OT divisiveness in the industrial sector, but why Scott is optimistic about the progress being made in bringing the two segments together.Why cybersecurity planning and investments needs to start with assessing and prioritizing risk.How slowing down can help ramp up security efforts.Why dwelling or living-off-the-land attacks will escalate.To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

The sector's (forced) cyber awakening needs to focus on making it harder to be a hacker.

Regardless of how complex the attack, how organized the hacker, or how advanced the tools and tactics, security solutions usually lie in very fundamental practices. So, while you might think you already know enough about segmentation strategies, framework development, asset visibility or enhanced access controls, it’s these things that get overlooked and then exploited by hackers. 
It’s the evolution of these little things that our guest for today’s show likes to emphasize in helping to keep the OT environment secure. Watch/listen as Brian Deken, Commercial Manager of Cybersecurity Services at Rockwell Automation offers perspective on topics that include:
How increased coverage and awareness of industrial cybersecurity has helped improve OT visibility, and incited more manufacturers to take real action.Why constantly evolving simple cyber strategies, like frameworks, segmentation and access hygiene are essential.What video gamers can teach us about finding OT security expertise.The status of IT-OT convergence.The attack from which some manufacturers will never recover.The positive impacts of supply chain vulnerabilities.To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.