Proactive Cybersecurity: Increased Safety Measures Make All the Difference

  • By Dominick Birolin
  • Dec 05, 2022

The infrastructure of the United States is under attack, as foreign criminals use advanced skills and exploit company vulnerabilities to cripple operations, disrupt industrial control systems, and ultimately inflict significant damage, both monetarily and economically. 

First, there are multiple ways of attacking companies, both resulting in tangible and intangible losses. Take the hacking organization, Darkside, which launched a major ransomware assault against the Colonial Pipeline leading it to close operations and freeze its IT systems. This remained in place until they ultimately paid a ransom of $4.4 million.

In February, hackers attempted to boost the amount of sodium hydroxide scheduled to go into the water supply at a Florida plant nearly 100 times the usually allocated amount. Thankfully, a plant operator caught the anomaly in real time and adjusted the chemical levels before any serious harm inflicted to its population.

Then there was the 2020 SolarWinds attack, when hackers tied to Russia’s foreign intelligence service added malicious code to the company’s Orion IT monitoring platform. This allowed hackers to infiltrate all Orion software networks, influencing Fortune 500 companies, large U.S.-based telecommunications companies, and hundreds of educational institutions, as well as the military, the Pentagon and the State Department. Overall, estimates show total damage from the assault exceeded $100 million.

Ultimately, the immense cost of such intrusive invasions is just a fraction of the impact and it can happen to any organization. The ultimate goal of these cybercriminals is to disrupt normal business operations and everyday life by targeting the critical infrastructure that keeps companies afloat. Despite these warnings and examples of attacks that have inflicted devastating damage, both economically and financially, many institutions remain unprepared. The best way to combat these cybercriminals is to have the best preventative measures in place before an attack happens. Addressing vulnerabilities and risks within industrial control systems and operational technology remains critical in the continued fight against these potential cybercrimes.

Look in the Mirror
There are a number of areas that can leave you exposed to cybercriminals, including legacy software, a lack of network segmentation, the use of default configurations, and a lack of encryption, weak remote-access procedures, and no threat-detection capabilities. To start, companies need to ask themselves: What can I do to protect myself from a cyberattack if I am at risk?  They also need to consider that by becoming complacent in such areas, they could be introducing even more risks. 

Most Common Mistakes
Organizations make mistakes that leave them and their systems vulnerable and unprotected. One example is when security technologies are deployed to meet compliance requirements, rather than to reduce risks. Another is when there is no risk strategy or framework to prioritize security-related tasks. Entities often underestimate the scope of work and resources required to realize returns on security investments, which is another common issue. Other examples include:

  1. A nonexistent or incomplete inventory of the assets and applications that need protection.
  2. A lack of visibility into the assets and applications communicating within networks.
  3. No network segmentation.
  4. No integration between and among systems.
  5. A failure to identify or fully understand the vulnerabilities and attack vectors that exist within the enterprise.

Take Action
As enterprise leaders, it is critical to take action to address the weak spots within your security plans. You must move the risk needle in a positive direction to protect your critical infrastructure. How this starts is by reviewing your security strategy and protocols. Clearly identify risks and vulnerabilities, as well as any technologies, policies, and procedures needed to mitigate them. 

Create a roadmap to implement the missing mitigation components, along with the metrics needed to determine efficiency. Keep in mind your security ecosystem should have multidirectional information sharing between and among your intrusion detection and intrusion prevention systems, the security information and event management system, the asset management system, your privileged access management system and any other security technology deployed within your environment. 

Your strategic plan should also address staffing requirements to ensure internal resources are properly trained and available to implement security measures and rapidly respond to threats. It should also identify which external resources, such as benchmarking standards, are leveraged to reduce risk and increase efficiency so that your security program delivers robust protection to your industrial control systems, operational technology, and IT systems.

Featured

  • Ransomware Attacks Rise for the First Time in Six Months

    Ransomware attacks have risen for the first time in six months, increasing by 28% month-on-month to 421 attacks. While overall attack volume remained below 500, the uptick may signal a renewed escalation heading into the year’s most active period for cyber criminals. Read Now

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services

  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

Most   Popular

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.