2021 will go down in history as the most successful year for hackers. According to rough estimates by our research team, almost a fifth of all attacks on OT and IoT installations succeeded to some degree in 2021. The data stolen from such attacks and the tactics learned by hackers will cast a long shadow on the year ahead. It is therefore time to invest in improving security at all levels.
Even before we enter the New Year, the remaining few days of 2021 will test cybersecurity teams and businesses globally. We have seen a trend of the escalating volume of cyberattacks leading into the new year. These attacks are targeting specific components of IoT and OT deployments and are designed to exploit not just existing vulnerabilities and security posture gaps, but also the distraction that a global holiday season brings. Sectrio’s team observed a rise in cyberattacks during the last Thanksgiving weekend and we feel this is just a prelude to a new series of sophisticated and intense cyberattacks that hackers may launch this holiday season. We are therefore advising all businesses to stand guard and improve their security vigil.
Both IoT and OT security measures need to be strengthened and these steps should be deployed at the earliest:
- Warn all employees to be aware of phishing attacks that may target their official accounts
- Conduct cybersecurity drills to stress test responses to a cyberattack
- Raise awareness among all employees on the need to be vigilant over the next few days
- Run vulnerability scans on your infrastructure to see if any new vulnerabilities have emerged in the last few days that could be exploited
- Go for a threat intelligence feed, if you can. This is advisable even if you have a IoT or OT cybersecurity solution deployed with the vendor providing a threat intelligence feed.
- Opt for micro-segmentation to isolate parts of your infrastructure and to deploy granular policies
- Publish an IoT/OT infrastructure cybersecurity policy, if you haven’t done so already (we have a template created for you that you can readily use. You can download it from here)
- Conduct a cybersecurity self-assessment exercise using the framework we have developed to test your institutional cybersecurity preparedness level. The document can be accessed from here
- In case you need to align your institutional practices against global standards and best practices, you can refer to our CISO handbook.
In case you need further help, we encourage you to talk to our IoT and OT cybersecurity experts.
From all of us at Team Sectrio we wish you a happy and memorable holiday season.
Stay safe, stay secure.