Intelligent CISO Issue 51 | Page 78

industry expert

ENHANCING VISIBILITY AND BUILDING A HEALTHY DEFENSIVE CYBER POSTURE

Jess Abell
As cyberthreats continue to increase across Europe, there is a need to enhance the cyber posture of organisations across industries. Magpie Graham, Adversary Hunting Technical Director, Dragos, tells Intelligent CISO’s Jess Abell about the gaps in the OT landscape and how organisations can strengthen their defences by enhancing visibility and patching.

Can you introduce us to the European Industrial Infrastructure Cyber Threat Perspective – when was this research carried out and what did it set out to achieve?

The research is a culmination of several weeks of analysis looking back at the risks to organisations and activities in the last year, as well as outlining expected future actions by adversaries.
The report set out to address the continued lack of visibility into the networks, which is an initial step for most organisations on their journey to a healthy defensive cyber posture. It illustrates the interlinked nature of organisations and provides a forward-looking approach that determines which organisations or verticals are most at risk from the threats we’ve observed previously, especially given the current world events.
Magpie Graham, Adversary Hunting Technical Director, Dragos
Dragos has assessed with ‘high confidence’ that adversaries pose a threat to European industrial infrastructure presently and into the next 12 months. Can you outline the factors that contributed to this conclusion?
We have observed an increase in the desire for adversaries to be prepositioned wherein the intent isn’t concrete, but the opportunities they could have if something were to arise, is a significant motivator. Even if their end goal isn’t clear, this increases the chances of several organisations being attacked. In the OT space, there are chances of disruptive or destructive attacks down the line. In addition, there are non-targeted or opportunistic attacks which are majorly financially driven, which might have led to this increase in motivation for the adversaries.
As Europe is a central hub for numerous manufacturing and other industrial-focused organisations, the knowledge of the OT landscape is growing from the perspective of the adversary. They understand the configuration of the space and how to disrupt it. However, this is increasing in parallel with our understanding of the defensive posture against the adversary.
When we research and create such reports, we have the opportunity to stay ahead and maintain a bastion of defensive posture against the adversary. When you combine the intent alongside the sheer number of organisations that rely on OT networks in Europe across sectors, it is evident that there will be an increase in the likelihood of attacks. The investment in key sectors in Europe is growing and the opportunity [for attackers] to profit financially is bound to increase.
How much of a threat is ransomware to Information Technology (IT) and Operational Technology (OT) environments?
Ransomware is a considerable threat to industrial processes. We’ve observed that when an IT network gets hit, there is an immediate step towards stopping the spread of ransomware into the clean areas of the network. However, there often isn’t a response plan for the OT side that caters for this type of incident.
Most operators turn off the OT business as a safeguard but this isn’t always necessary and can massively disrupt the business, potentially harming specific industries. Additionally, there isn’t visibility into the network to determine whether the