Some cheeses have holes, but your cyber security strategy should not.

By Curtis Simpson, CISO

Last week we highlighted the fact that breweries have been classified as ‘essential’ in some regions – causing major concern when North America's largest beer maker suddenly ceased production due to a cyberattack. 

But if you’ve ever been to the Netherlands, you can only imagine the distress when the country’s largest retailer runs out of a national symbol after a ransomware attack. That’s right, no more cheese.

Orders halted, trucks to a standstill

It took Bakker Logistiek six days of hard work to get their operations back up and running, and the effects are still visible as affected stores are still in the process of being supplied. As one of the nation’s largest logistics service providers, they could no longer receive orders from customers or plan transportation for their hundreds of trucks. As connected technology and automation have transformed the full logistics chain, there’s no way to process orders and hand-pick goods once the system goes down. The company’s director strongly suspects the attack originated from the recently reported Microsoft Exchange ProxyLogon vulnerabilities.

The perfect storm 

Only a few years ago, IT and OT systems were operating independently on segregated networks with little to no connectivity between them. The fact that many OT assets are internet-accessible today has led to a rare, urgent joint cybersecurity advisory by the NSA and CISA, recommending that enterprises relying on OT and ICS take immediate action to establish and maintain an OT/ICS security program based on what they describe as the ‘perfect storm.’

Modern manufacturing and logistics supply chains are interconnected and composed of connected (and often vulnerable) systems and devices of diverse types and ages, which has made it possible for bad actors to disrupt and exploit these environments remotely. Not including OT/ICS assets in your cybersecurity strategy is like playing the waiting game: waiting for a hacker to shut down operations for a costly duration.

Avoid multi-day outages through full visibility and continuous monitoring

The Armis security platform is designed for this emerging attack vector. It is entirely passive (no business impact), real-time, and continuous.

Asset inventory

Discover, identify and contextualize all IT, OT, and IoT devices globally

Organizations spend significant time developing and maintaining tools and scripts to discover assets and ensure they are appropriately protected. Armis automates all of this work and provides a single source of truth.

Risk Management

Proactively and continuously assess risks across all devices. Prioritize activities based on risk impact. 

Many vulnerability scanners provide insights into vulnerabilities and risks associated with IT devices or OT devices only. Armis provides consolidated insights into IT, OT, and IoT risks that are otherwise invisible to the cyber team. 

Detection and response

Continuously monitor device behaviors for signs of highly anomalous or malicious activities. Orchestrate remediation via security policies to contain and respond to attacks. 

If an attack against your organization moves laterally from IT into OT critical operations (as we have seen in the case above), Armis closes the visibility gap and empowers cyber teams to respond. Understanding the full attack also significantly reduces the time needed to recover.

Availability and safety are paramount

Bad actors are more than aware that availability and safety are paramount in this type of ‘always-on’ OT-oriented environment. The value of attacking our supply chains is more apparent than ever following the pandemic, as is the ability to exploit OT environments overall.  And if your organization is processing food (or beer!), it’s not only logistics that could be affected, but also food safety: imagine a cybercriminal disrupting refrigeration intentionally or unintentionally.

With this type of attack, the concern won’t so much be data loss, but rather the potential human or brand impact as well as the loss of product, critical services, operations, and revenue. Armis is the security platform to prevent, detect and respond to these types of events. 

Get insights from our whitepaper on industrial IoT security or book a demo to review our innovative agentless approach. 
