As organizations connect massive numbers of IoT/OT devices to their networks to optimize operations, boards and management teams are increasingly concerned about the expanding attack surface and the corporate liability it represents. Once compromised, these connected devices give adversaries a foothold from which to pivot deeper into corporate networks, threaten physical safety, disrupt operations, steal intellectual property, conscript resources into Distributed Denial of Service (DDoS) botnets and cryptojacking, and cause significant financial losses.
At the time of writing, most of our customers (78 percent) who have deployed Azure Defender for IoT and also run a SIEM have integrated, or are in the process of integrating, IoT/OT security into their SIEM platform and SOC workflows.
According to CyberX's 2020 Global IoT/ICS Risk Report, which analyzed network traffic from over 1,800 production OT networks:
- 71 percent of OT sites are running unsupported versions of Windows that no longer receive security patches;
- 64 percent have cleartext passwords traversing their networks;
- 54 percent have devices that can be remotely managed using remote desktop protocol (RDP), secure shell (SSH), and virtual network computing (VNC), enabling attackers to pivot undetected;
- 66 percent are not automatically updating their Windows systems with the latest antivirus definitions;
- 27 percent of sites have direct connections to the internet.
These vulnerabilities make it significantly easier for adversaries to compromise OT networks, whether their initial entry is via systems exposed to the internet or via lateral movement from the corporate IT network (using compromised remote access credentials, for example).
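The three network-observable exposures from the report above (cleartext credentials, remote-management protocols reachable inside OT, and direct internet connectivity) and the two entry paths described in the previous paragraph (internet-exposed systems and pivoting in from IT) can all be flagged from passive flow data. The following is an added example written for this page, not code from the post, from CyberX or from Azure Defender for IoT. It runs over constructed NetFlow-style records and assumes a hypothetical zone model (OT in 10.10.0.0/16, corporate IT in 10.20.0.0/16, anything outside RFC 1918 space treated as the internet); a real deployment would take zones from the asset inventory and flows from a SPAN/TAP collector, and would forward the findings to the SIEM.

```python
# Added example (not from the post): flag the OT exposures the CyberX report
# counts, from constructed flow records. Zone ranges below are assumptions.
import ipaddress
from collections import Counter
from dataclasses import dataclass

OT_NET = ipaddress.ip_network("10.10.0.0/16")    # assumed OT address range
IT_NET = ipaddress.ip_network("10.20.0.0/16")    # assumed corporate IT range
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Protocols that put passwords on the wire unencrypted.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}
# Remote-management protocols an intruder can ride to pivot between hosts.
REMOTE_MGMT_PORTS = {22: "SSH", 3389: "RDP"}
VNC_PORTS = range(5900, 5910)
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    flow: Flow
    detail: str


def zone(ip_str: str) -> str:
    """Map an address to the assumed zone model: ot, it, private or internet."""
    ip = ipaddress.ip_address(ip_str)
    if ip in OT_NET:
        return "ot"
    if ip in IT_NET:
        return "it"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "internet"


def check_flow(flow: Flow) -> list:
    """Return every finding a single flow triggers; empty for benign OT traffic."""
    szone, dzone = zone(flow.src), zone(flow.dst)
    findings = []
    if "ot" not in (szone, dzone):
        return findings  # only traffic touching OT assets is in scope

    # 1. Cleartext-credential protocols on the OT network.
    if flow.dport in CLEARTEXT_PORTS:
        findings.append(Finding("cleartext_credentials", "medium", flow,
                                f"{CLEARTEXT_PORTS[flow.dport]} carries passwords unencrypted"))

    # 2. Remote management reaching an OT asset. A session crossing in from another
    #    zone is the pivot path; OT-internal remote access is lower severity but inventoried.
    name = REMOTE_MGMT_PORTS.get(flow.dport) or ("VNC" if flow.dport in VNC_PORTS else None)
    if name and dzone == "ot":
        sev = "high" if szone != "ot" else "low"
        findings.append(Finding("remote_management", sev, flow,
                                f"{name} into OT from the {szone} zone"))

    # 3. Direct internet connectivity in either direction; inbound is the worse case.
    if "internet" in (szone, dzone):
        direction = "inbound" if szone == "internet" else "outbound"
        findings.append(Finding("direct_internet", "high" if direction == "inbound" else "medium",
                                flow, f"{direction} connection between OT and the internet"))
    return findings


def analyze(flows) -> list:
    return [f for flow in flows for f in check_flow(flow)]


def summarize(findings) -> dict:
    """Roll findings up the way a SOC dashboard or SIEM rule would consume them."""
    ot_hosts = {ip for f in findings for ip in (f.flow.src, f.flow.dst) if zone(ip) == "ot"}
    worst = max((f.severity for f in findings), key=SEVERITY_RANK.get, default=None)
    return {
        "by_rule": dict(Counter(f.rule for f in findings)),
        "exposed_ot_hosts": sorted(ot_hosts, key=ipaddress.ip_address),
        "highest_severity": worst,
    }


# Constructed sample flows (not captured data), one per report finding plus controls.
SAMPLE_FLOWS = [
    Flow("10.10.1.5", "10.10.1.20", 502),      # Modbus/TCP poll: expected OT traffic
    Flow("10.10.1.5", "10.10.1.20", 23),       # Telnet to a PLC: cleartext credentials
    Flow("10.10.1.9", "10.10.1.30", 5901),     # VNC between OT hosts: remote management
    Flow("10.20.4.9", "10.10.1.20", 3389),     # RDP from corporate IT into OT: pivot path
    Flow("10.10.2.3", "203.0.113.10", 443),    # OT asset reaching the internet directly
    Flow("198.51.100.7", "10.10.1.20", 22),    # SSH from the internet into an OT asset
    Flow("10.20.4.9", "10.20.4.10", 3389),     # IT-to-IT RDP: out of scope here
]

if __name__ == "__main__":
    results = analyze(SAMPLE_FLOWS)
    for f in results:
        print(f"[{f.severity:<6}] {f.rule:<22} {f.flow.src} -> {f.flow.dst}:{f.flow.dport}  {f.detail}")
    print(summarize(results))
```

Port-based classification is deliberately coarse: it cannot see a password inside an HTTP POST or distinguish a jump host's authorized RDP from an attacker's, so in practice the "remote_management" findings are reconciled against the approved remote-access list before they page anyone, and the cleartext rule is backed by deep packet inspection on the OT SPAN feed.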
CISOs are increasingly accountable for both IT and IoT/OT security. However, according to a SANS survey, IT security teams lack visibility into the security and resiliency of their OT networks, with most respondents (59 percent) stating they are only “somewhat confident” in their organization’s ability to secure their industrial IoT devices.
Organizations need to invest in strengthening their IoT/OT security and put the appropriate policies and procedures in place so that new IoT/OT monitoring and alerting systems are actually operationalized, with someone owning each alert, rather than merely deployed.
A key success factor is organizational alignment and solid collaboration with the teams that will operate the system. In many organizations, these teams have traditionally worked in separate silos. Visibility and well-defined roles and responsibilities between IoT/OT, IT, and security personnel are key to a successful alignment. Although IT and IoT/OT networks are increasingly interconnected, they remain separate networks with different characteristics. Personnel operating the IoT/OT network are not always security trained, and security staff are often unfamiliar with the IoT/OT network infrastructure, devices, protocols, and applications. In particular, the top priority for OT personnel is maintaining the availability and integrity of their control networks, whereas IT security teams have traditionally focused on maintaining the confidentiality of sensitive data. That difference matters in practice: an active scan or an automated block that is routine on the IT side can halt a production line on the OT side, so monitoring there is typically passive and response actions are agreed with the OT team in advance.