Proactive Cybersecurity: Increased Safety Measures Make All the Difference

  • By Dominick Birolin
  • Dec 05, 2022

The infrastructure of the United States is under attack, as foreign criminals use advanced skills and exploit company vulnerabilities to cripple operations, disrupt industrial control systems, and ultimately inflict significant damage, both monetarily and economically. 

First, there are multiple ways of attacking companies, both resulting in tangible and intangible losses. Take the hacking organization, Darkside, which launched a major ransomware assault against the Colonial Pipeline leading it to close operations and freeze its IT systems. This remained in place until they ultimately paid a ransom of $4.4 million.

In February, hackers attempted to boost the amount of sodium hydroxide scheduled to go into the water supply at a Florida plant nearly 100 times the usually allocated amount. Thankfully, a plant operator caught the anomaly in real time and adjusted the chemical levels before any serious harm inflicted to its population.

Then there was the 2020 SolarWinds attack, when hackers tied to Russia’s foreign intelligence service added malicious code to the company’s Orion IT monitoring platform. This allowed hackers to infiltrate all Orion software networks, influencing Fortune 500 companies, large U.S.-based telecommunications companies, and hundreds of educational institutions, as well as the military, the Pentagon and the State Department. Overall, estimates show total damage from the assault exceeded $100 million.

Ultimately, the immense cost of such intrusive invasions is just a fraction of the impact and it can happen to any organization. The ultimate goal of these cybercriminals is to disrupt normal business operations and everyday life by targeting the critical infrastructure that keeps companies afloat. Despite these warnings and examples of attacks that have inflicted devastating damage, both economically and financially, many institutions remain unprepared. The best way to combat these cybercriminals is to have the best preventative measures in place before an attack happens. Addressing vulnerabilities and risks within industrial control systems and operational technology remains critical in the continued fight against these potential cybercrimes.

Look in the Mirror
There are a number of areas that can leave you exposed to cybercriminals, including legacy software, a lack of network segmentation, the use of default configurations, and a lack of encryption, weak remote-access procedures, and no threat-detection capabilities. To start, companies need to ask themselves: What can I do to protect myself from a cyberattack if I am at risk?  They also need to consider that by becoming complacent in such areas, they could be introducing even more risks. 

Most Common Mistakes
Organizations make mistakes that leave them and their systems vulnerable and unprotected. One example is when security technologies are deployed to meet compliance requirements, rather than to reduce risks. Another is when there is no risk strategy or framework to prioritize security-related tasks. Entities often underestimate the scope of work and resources required to realize returns on security investments, which is another common issue. Other examples include:

  1. A nonexistent or incomplete inventory of the assets and applications that need protection.
  2. A lack of visibility into the assets and applications communicating within networks.
  3. No network segmentation.
  4. No integration between and among systems.
  5. A failure to identify or fully understand the vulnerabilities and attack vectors that exist within the enterprise.

Take Action
As enterprise leaders, it is critical to take action to address the weak spots within your security plans. You must move the risk needle in a positive direction to protect your critical infrastructure. How this starts is by reviewing your security strategy and protocols. Clearly identify risks and vulnerabilities, as well as any technologies, policies, and procedures needed to mitigate them. 

Create a roadmap to implement the missing mitigation components, along with the metrics needed to determine efficiency. Keep in mind your security ecosystem should have multidirectional information sharing between and among your intrusion detection and intrusion prevention systems, the security information and event management system, the asset management system, your privileged access management system and any other security technology deployed within your environment. 

Your strategic plan should also address staffing requirements to ensure internal resources are properly trained and available to implement security measures and rapidly respond to threats. It should also identify which external resources, such as benchmarking standards, are leveraged to reduce risk and increase efficiency so that your security program delivers robust protection to your industrial control systems, operational technology, and IT systems.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

Most   Popular

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.