By Rick Peters, CISO Operational Technology, Fortinet

For years, Operational Technology (OT) systems have been working to control everything from factories to transportation networks to utilities. The reality is most citizens don’t think about these systems until there’s a problem. That’s why the the attack against Colonial Pipeline in May 2021 was so startling. The attack on a segment of the enterprise transcended IT and resulted in a temporary but severe disruption of the OT based fuel supplies and led the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to issue an advisory urging critical infrastructure (CI) asset owners and operators to take on a heightened state of awareness.

Unfortunately, the attack against Colonial Pipeline isn’t the first or last time an adversarial cyberattack on an OT target will make headlines. Malicious cyberattacks are likely to increase given the opportunities for mission impact, social anxiety, and profit that disrupting systems and stealing intellectual property from OT and IT systems represent. If there’s any silver lining to this high-profile attack it’s that it has put a renewed focus on securing critical OT assets.

OT cyber events also have demonstrated the consequence of failing to invest and commit proportionally to a cybersecurity strategy. For years OT system owners relied on the “air gap” that separated OT systems from IT to protect them. But as more and more OT organizations digitally connect OT infrastructure such as supervisory control and data acquisition (SCADA) systems with IT networks, the resulting evaporation of the air gap has dramatically increased the level of risk. Given this situation, it’s not a surprise that in the “2021 State of Operational Technology and Cybersecurity Report” 9 out of 10 OT organizations experienced at least one intrusion in the past year and 63% had three or more intrusions.

To protect cyber physical assets, OT organizations need to commit toa proactive cybersecurity strategy, paying particular attention to visibility, control, and behavior analysis. It’s critical to protect every point of connection to the outside world to proactively safeguard OT.

OT Is No Longer a Niche Exploit

In the past, exploits against SCADA or industrial control systems (ICS) were viewed as an infrequent subset of highly structured and often nation-state sponsored targeted attacks. But the OT market is expected to continue to grow through 2027 at a CAGR of 6.40%. Relying on obscurity as a defense strategy doesn’t work anymore; it’s practically an invitation to cybercriminals to penetrate and ultimately compromise OT systems. Although IT-related exploits are still more prevalent, according to the Global Threat Landscape Report from FortiGuard Labs, a growing number of  exploits are targeting OT. The long-held perception that ICS exploits are an obscure niche of the cyber threat landscape is simply no longer the case.

Why Now?

In the past, OT attacks were the domain of specialized threat actors who knew how to exploit ICS and SCADA systems. But now, many of those tools are now being packaged as attack kits on the dark web, so they are available to a much broader set of less technical attackers. The motivations behind the attacks range from gaining a profit through extortion, stealing intellectual property, to simply testing infrastructure resilience. The attacks offer a side benefit in that they create a climate of uncertainty and can force actions by executives in the government and commercial sector. The headlines generated from a successful attack on OT infrastructure only serve to amplify these effects. Attacks on large enterprise businesses in energy and manufacturing and even smaller more discrete intrusions at the municipal utilities level are all newsworthy. The alarming cybersecurity news in 2021 reinforces the fact that OT infrastructures require attention to reduce the attack vectors, tactics, and techniques that focus on industrial environments.

The Need for Better Visibility

The rapid expansion in the threat landscape and the increase in attacks demonstrate the increased need for integration between enterprise solutions and operational infrastructure. In most cases, security considerations need to extend to on-premise systems and extend to the Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices. It’s also important to have an infrastructure control strategy that restricts and contains suspicious activity and behavior. At a minimum, organizations should implement zero-trust network access (ZTNA), which limits user or device access to only those resources required to perform a specific role or function. ZTNA also strictly limits the range and level of engagement, which serves to restrict activity if a system is compromised. 

OT organizations that put comprehensive security policies in place give themselves an advantage over threat actors and can limit the impact of a breach. OT infrastructure is no longer benefiting from obscurity and the adoption of near-universal convergence of IT and OT networks implies traditionally isolated environments are no longer safe. Organizations must take proactive steps to harden OT environments, including integrating tools and practices designed to protect, detect, and respond to threats in real-time. Although attacks are inevitable, they don’t have to be successful.

The partnership will enable Help AG customers to avail of Trend Micro’s security capabilities without sending their data to the cloud, alleviating concerns regarding data privacy.

Help AG, the cybersecurity arm of Etisalat Digital, today announced its Platinum Level partnership with Trend Micro, a global leader in enterprise data security and cybersecurity solutions. The partnership will enable Help AG customers in the United Arab Emirates and Saudi Arabia to avail of Trend Micro’s security capabilities without sending their data to the cloud, alleviating concerns regarding data privacy.

This collaboration allows Help AG to service clients that may be reluctant to transfer sensitive endpoint data to the cloud environments of cybersecurity providers. When utilizing Endpoint Detection and Response services, the client needs to provide complete and accurate endpoint data in order for the service provider to be able to detect threats and attacks. This can be problematic if an organization’s users engage in confidential activities or access confidential websites.

Help AG’s partnership with Trend Micro addresses these challenges by delivering security services and capabilities without needing clients to send their data to a cloud-based environment. Due to the unique data model it has in place, Trend Micro is one of the few vendors of its calibre to offer this option, answering the needs of a niche segment of customers with specific data privacy concerns.

Commenting on the partnership, Stephan Berner, Chief Executive Officer at Help AG, said: “Trend Micro offers solutions that cater to our customers who are sensitive about utilizing cloud for some or all of their security services. Joining forces with Trend Micro enables us to address their concerns by delivering robust capabilities in an environment that is suitable for their data privacy preferences and needs.”

Berner added: “It is an honor to be named a Platinum Partner of Trend Micro, a highly respected leader in the cybersecurity space with a long history and rich legacy. Trend Micro has been extremely consistent in providing world-class products and solutions that address the security needs of organizations, and our customers will benefit immensely from having access to their portfolio.”

“Our partners are at the heart of our mission to make this world a secured place for exchanging information digitally,” said Dr. Moataz Bin Ali, Vice President and Managing Director, Middle East and North Africa for Trend Micro. “We are excited about our collaboration with Help AG that will empower its customers with robust security capabilities to protect their data, adhering to their privacy and compliance needs. Together, we will help regional organizations reimagine cybersecurity,” he added.

Now available to Help AG customers, the Trend Micro portfolio includes products and solutions related to Detection and Response, Network Security, User Protection, Cloud Security, Internet of Things Security, Enterprise Ransomware Protection, and Regulatory Compliance, among other areas within cybersecurity that are relevant to organizations today.

Invixium Integrates Touchless Face Recognition and Multi-Factor Biometric Solutions with AEOS Access Control

Invixium, a premier manufacturer of innovative touchless biometrics, has integrated its portfolio of modern solutions with AEOS by Nedap, a leading provider of access control solutions. This integration between AEOS and IXM WEB, Invixium’s enterprise-grade software solution, streamlines the process of setting up and using Invixium biometric systems with AEOS. AEOS users can now seamlessly deploy Invixium touchless biometrics, such as face recognition via IXM TITAN, as well as the rest of Invixium’s world-class biometric portfolio.

This integration is powered by IXM Link, a licensed software feature for IXM WEB that allows for one- or two-way database-to-database synchronization between IXM WEB and AEOS. Database synchronization ensures easy setup, installation, and use of Invixium biometric solutions for AEOS users. Administrators can effortlessly enroll biometric data to cardholders (securely stored in IXM WEB) which are continuously synchronized with AEOS. In addition, Device Integration Protocol (DIP) has been implemented to allow AEOS to control the verification process.

“Integrating leading security solutions, such as touchless face recognition, with AEOS has enabled Nedap to remain at the forefront of COVID-19 response,” said Susanne Adriaanse, Managing Director at Nedap Security Management. “Invixium’s innovative technologies like face recognition, mask detection, and touchless thermal screening make them a partner that closely aligns with our strategy to provide a wide range high-level solutions to modern security problems.”

“Expanding our reach through technology integrations is vital to our strategy,” said Shiraz Kapadia, CEO & President at Invixium. “This integration simplifies installation and management while reducing costs for businesses that are looking for unified end-to-end security systems. We look forward to addressing the needs of AEOS users with our unique solutions.”

By: Saket Modi, Co-Founder and CEO at Safe Security

For more than the past decade, healthcare has been the biggest target of data breaches. The total average cost has increased to $9.23 million in 2021 from $7.13 million the previous year, demonstrating a 29.5% rise. Cyberattacks in healthcare are unfortunately not limited to their financial, regulatory, and reputational impact since they have a direct consequence on lives. An Alabama-based resident claimed negligent homicide for the death of her infant because the hospital’s fetal monitors were inaccessible as a result of a ransomware attack, leaving its systems locked for eight days. For instance, if a hacker tampers with CT or MRI scans, it could also lead to incorrect medical procedures/surgeries, incomplete diagnoses, and reduced emergency or urgent care.

In such a scenario, the healthcare sector needs to quickly improve its cyber risk management. This is possible only if they move away from the traditional reactive and point-in-time approach in cybersecurity to adopt a predictive and measurable method instead. Adopting a proactive strategy includes knowing the organization’s breach-likelihood in real-time and its financial impact on the organization.

The current state of cybersecurity in healthcare:

The NotPetya attack happened five years ago. Since then, has much changed in the healthcare sector? The cost of ransomware alone has grown by 1094% since 2015. However, there are three key areas where this sector falls short:

1. Accidental and/or malicious insider threats: The HIMSS Cybersecurity survey 2020 states that 89% of initial compromise in hospitals is still through emails and more than half (57%) of the cyberattacks in healthcare begin via trusted insiders.
2. Third-party are unsecured often with unrestricted access: Over 1600 insurers at an average share PHI with hospitals. Hospitals also deal with a large number of medical devices suppliers, vendors for equipment, medication, repairs, and more, each third party is likely to be an entry point.
3. Medical device security: There will be ~50 billion medical devices by 2028, with 15 – 20 IoMT in each hospital room, creating a vast digital attack surface. Interestingly, while one aspect is digitizing faster than it can be secured, 83% of medical imaging devices are still legacy systems too old to receive software updates.
4. The lack of a designated security team: 87% of healthcare IT security leaders work without the right personnel, and three in four hospitals are operating without a designated security leader.

Can predictive analytics in cybersecurity help the healthcare sector?

Financial services organizations predict the likelihood of loans being repaid using the financial history of the applicant, their previous loans, salary/income, and credit score. Similarly, OTT platforms use predictive analytics and algorithms to improve their suggestions. The medical fraternity too relies on prediction models to improve diagnostics, identify risk groups, and improve patient care. Why not use the same analytical approach to predict the possibility of a breach rather than detecting cyberattacks after they happen and reacting to them? The use of predictive technology and models such as the Bayesian Network to predict cyber breaches makes this possible.

Enterprise cyber risk is a product of the probability of a breach happening and its business consequence. This probability is termed the “breach-likelihood” of the organization and can be calculated at the most granular level. Starting from the breach-likelihood of each medical device in every room, department-wise employee threats, to vendors or suppliers of equipment and pharmaceuticals, Electronic Medical Records directory on the cloud and the security posture of each cloud asset – the possibilities are endless. Each prediction makes the organization that much more prepared to predict and therefore mitigate breaches. Once an organization knows what to expect, it can focus energies on fixing what really matters rather than carrying out ad-hoc activities which only add to a sense of security rather than real cybersecurity.

How does breach-likelihood help the healthcare sector?

Breach likelihood in the healthcare sector can be a gamechanger in giving the visibility that is missing today. Similar to doctors arriving at a diagnosis after carrying out due diligence, sieving noise from actual symptoms, and aggregating all relevant information to a central database, cyber risk quantification can segregate information from noise.

As healthcare organizations ramp up cybersecurity infrastructure, they need to remember that all cybersecurity services, products and processes implemented in their cyber risk ecosystem need to communicate with each other. In a scenario where tens of cybersecurity services and tools are performing well in silos, but together fail to generate a comprehensive and prioritized solution, breach-likelihood is can create one score to drive cybersecurity strategy.