Intelligent CISO Issue 51 | Page 50

Supply chain attacks like the one mounted against Kaseya are becoming increasingly popular .
FEATURE
because the skills shortage is not going to disappear anytime soon . The solution is automation . Organisations need to deploy continuous , automated policy compliance tools .
As industrial networks grow , so does the risk
Operational Technology to control and monitor industrial systems has been widespread for years . It is now morphing into the Industrial Internet of Things ( IIoT ) where industrial devices become connected to corporate IT networks and to the Internet , exposing them to all the dangers it brings .
Under the many pressures produced by the pandemic – on supply chains , energy prices and more – organisations of all kinds have increased connectivity of their facilities in search of increased efficiencies and lower costs . When these developments are made under pressure , security tends to suffer .
In August 2021 security researchers revealed four vulnerabilities in the NicheStack TCP / IP stack used to enable communications in IPconnected OT and IIoT devices . These vulnerabilities could enable attackers to mount remote code execution , denial of service attacks and more .
Security measures such as firewalls and micro-segmentation can add additional protection , but these vulnerabilities still must be patched , which can be difficult to do in a continuously operating production environment .
Variety is the spice of a ransomware actor ’ s life
As the cost of ransomware attacks and cyber insurance payouts rise , insurers are demanding increasing stronger baseline security from policyholders . When organisations beef up remote desktop protocols , VPNs and email security , attackers devise new ways to bypass security .
Supply chain attacks like the one mounted against Kaseya are becoming increasingly popular . So any organisation with digital links to its business customers could be compromised to gain access to the attacker ’ s ultimate target .
Attackers will also explore new channels to gain entry , such as SharePoint , OneDrive , Google Drive and Google Docs . These SaaS platforms have already been compromised with new and highly original phishing campaigns , and the number of successful attacks will certainly increase . A high level of visibility and tight control of corporate IT systems and data is essential to detect and thwart these advanced threats .
Zero exceptions to Zero Trust for US Government
On May 21 , 2021 US President Joe Biden issued an Executive Order on Improving the Nation ’ s Cybersecurity . To the surprise of many in the cybersecurity industry it required the Federal Government to ‘ advance toward Zero Trust Architecture ’, in other words , it mandated the use of Zero Trust across federal government entities .
This edict is likely to spur a significant increase in the adoption of Zero Trust security by the US private sector and elsewhere as boards and senior

Supply chain attacks like the one mounted against Kaseya are becoming increasingly popular .

management realise that it not only significantly strengthens their security but confers competitive advantage .
However , they must understand that Zero Trust security is not achieved simply by deploying a product that claims to provide Zero Trust security . Zero Trust is a state of security achieved only by addressing multiple issues with the appropriate solutions .
The first steps are easily achieved with existing security solutions such as hostbased firewalls , micro-segmentation , data loss prevention , roles-based access controls , etc .
There are many more point solutions , all of which can contribute to optimising an organisation ’ s cybersecurity and building adaptability and resilience . u
50 www . intelligentciso . com