When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
The short answer is yes, all organizations are a good target and should think of themselves as such.
But what exactly does that mean?
Image Credit: Shutterstock
Vice President for Europe and Africa, at Dragos.
Perhaps ironically, it’s more crucial than ever that organizations dont panic.
Panic only leads to mistakes and confusion.
Previously, industrial environments were largely heterogeneous.
For adversaries, this meant that everything they built to attack industrial organizations had to be custom.
Each attack was costly and high risk, with little scalability.
Not to oversimply it, but theres a trend towards cookie cutter tech stacks across factories.
OT environments have become largely standardized and easier for anyone to research and understand.
Given the length of time that industrial systems last, we also need to prepare for future evolutions.
There will be less time to recover and learn from attacks and state actors will become more persistently engaged.
Fortunately, we, assecurityleaders and defenders of OT environments, have an advantage: community.
The ability to stop attacks effectively comes from an accumulation of knowledge and building strong defenses.
What we often lose sight of is the fact that the adversary is fallible.
Sharing across industries and the wider community is important because it pressures adversaries to have to constantly keep up.
In this way, the defence side has an opportunity to stay one step ahead.
However, when something does go wrong, its crucial we know why it happened.
Root cause analysis can be incredibly insightful to stop something from happening again.
Forecasting the future of the industry
It is unwise to predict when it comes to OT security.
Instead, it is better to forecast, as this is a time-based prediction.
For instance, zero-trust is problematic and unrealistic in OT environments.
To protect any environment, its important to know your environment.
Only if you know your environment can you forecast.
Defense is doable, without panic.
It is imperative to understand your environment to build operational resilience.
By focusing on these knowns it’s possible for you to prepare to adapt with ease to the unknowns.
A strong approach to operational resilience consists of visibility, detection, and response.
Sharing any vulnerabilities found with the wider community can make this process smoother for everyone.
We’ve featured the best encryption software.
