Intelligent CIO Europe Issue 71 | Page 77


UNDERSTANDING THE EVOLUTION AND GROWTH OF THE EUROPEAN OT THREAT LANDSCAPE

Magpie Graham, Intel Capability Technical Director at Dragos, shares his thoughts on the growth and evolution of the European Operational Technology (OT) threat landscape. From the activities of threat groups to identifying a threat landscape, he outlines critical controls and essential pillars for organisations building a robust cybersecurity strategy, explains the importance of building defensible architectures and stresses the need for comprehensive monitoring to enhance overall security posture.

What is the history of the threat landscape in Europe and how has this evolved over the years?
Within the threat landscape, computer network operations (CNO) don't typically occur exclusively within IT or OT. Most often, it is an IT compromise that leads to an impact on the OT environment. The rise of cybercrime is probably the most notable trend we have experienced in Europe over the last decade.
Looking back on my career over the years, there has been an upward shift in the availability of tools, the ease of acquiring exploits and the motivation of cybercriminals to employ ransomware and extortion campaigns that create the most negative impacts on organisations.
In the realm of OT, we've seen an 87% increase in ransomware attacks against industrial organisations and a 35% rise in the number of threat groups in 2021. The impact on OT is substantial due to several factors.
The first is a lack of readiness. On the IT side, we're prepared to reimage machines and remove infections, but the OT side faces different challenges like safe shutdown and start-up, which are critical concerns owing to safety being paramount within industrial environments. Additional elements like cloud-based attacks and supply chain vulnerabilities have also shaped the threat landscape. OT is somewhat shielded from these as it is not as connected to the cloud, although it is gradually changing, and with increasing use of ubiquitous software libraries, the software bill of materials (SBOM) is a real cause for concern – as the Log4j vulnerability demonstrated.
Supply chain attacks are always concerning owing to the lack of visibility a downstream customer has, but connectivity between supplier and industrial networks is typically limited. However, vendor control over devices and those connections home do pose risks, particularly demonstrated when engineers visit customer environments and may circumvent network egress monitoring and protection efforts using cellular modems.
Attacks against perimeter devices affect both IT and OT, but the OT space has felt the impact more so over the last few years due to the global pandemic. With remote work, external access through VPN concentrators has increased, thereby exposing both environments to potential threats.
www.intelligentcio.com INTELLIGENTCIO EUROPE 77