Dark Reading is part of the Informa Tech Division of Informa PLC


5/1/2020 10:00 AM
Dave Weinstein
Commentary

Industrial Networks' Newest Threat: Remote Users

We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.

With remote working becoming the norm, people need access to their organization's networks, servers, email, and data without being in the office. But with so many employees and entire organizations working from home, remote access could also be opening up organizations to security risks.

When we look specifically at industrial networks and the organizations charged with maintaining, operating, and securing them, the security stakes become that much higher. Right now, it's more important than ever to make sure these networks are secure. These industrial networks (electrical grids, manufacturing plants, oil and gas, and transportation, among others) are critical to our nation's infrastructure, yet because of our rapidly shifting working environment, they are being accessed and sometimes maintained by people from all over the globe, not just on-site personnel. A compromise of these networks could be detrimental: a city's electrical grid could be breached, or access to a manufacturing plant's systems could be shut down.

What's more, recent survey data from Claroty shows that 63% of US security professionals expect a major cyberattack to be successfully carried out on critical infrastructure within the next five years, showcasing the lack of confidence that cybersecurity professionals have in the safety and security of our industrial networks. In addition, 51% of industry practitioners in the US believe that today's industrial networks are not properly safeguarded and need more protection, while another 55% believe that our critical infrastructure is vulnerable to a cyberattack.

The stakes are high, and we know that remote working isn't going anywhere anytime soon, so it's increasingly crucial for industrial organizations to have a good hold on the safety of our infrastructure. Protecting their remote access points and remote users is critical to doing so.

While this may seem like an easy task, there are various remote access challenges that these organizations need to overcome.

The first challenge is strictly employee-related. As more employees connect to their networks from home, remote access risks are scary for any organization, and the stakes are that much higher for those working in critical infrastructure.

While remote access allows flexibility for employees unable to access offices, it also means that employees could be connecting to unsecured Wi-Fi networks or VPNs, perhaps without even realizing it. If their Internet connection is not safe, browser activity, passwords, and sensitive corporate data could be left exposed or even vulnerable to malicious activity.

Another challenge organizations face is keeping their employees' passwords protected, as it is not uncommon for remote workers to share their passwords and logins via email, chat, text, etc. If these credentials were to fall into the wrong hands or be found by someone outside the organization, the company could be subject to hidden costs, data breaches, and a damaged reputation.

These challenges open up the possibility for a hacker or outside source to do some serious damage, even more so now that more people are remote. Imagine this: Cybercriminals with access to an employee's passwords (which they stole from the employee's session on an unsecured Wi-Fi network) could log in to the industrial organization's network as a seemingly legitimate user and compromise critical processes in a factory or plant. This isn't a far-fetched scenario by any means; our recent survey also showed that 56% of respondents believe that hacking would be the most prevalent type of cyberattack on industrial networks in 2020, followed by ransomware (21%) and sabotage (12%).

In addition to the risks associated with employees, there are others posed by third-party vendors and contractors. Many industrial organizations use service providers or consultants to help monitor networks and provide additional support or services, and with the increase in remote work, these workers will request remote access to the organization's network. Because these vendors are not as directly connected to the internal systems as full-time employees are, their access may not be regulated or monitored as closely. This means that if malicious actors compromise a vendor's remote session, the attackers' access could go undetected for an indeterminate amount of time, giving them a potentially enormous window of opportunity to wreak havoc.

One of the other barriers facing third-party vendors is that setup for traditional network access is incredibly time-consuming for system administrators, and therefore has not always been a high priority on their to-do lists. On the other side, since the vendor is not actually part of the organization, it may not take security as seriously as full-time employees do.

In a world where outsourcing certain jobs to third parties is also increasingly commonplace, just like remote working, organizations need to place a greater emphasis on making sure that every individual with remote access, inside or outside the organization, is extensively trained and appropriately monitored with the proper security protocols.

The global effort to enable remote work as quickly as possible poses significant security challenges for organizations in all sectors, and the stakes are particularly high for critical infrastructure. To ensure organizations are doing all they can to secure their remote access, it's crucial to have a strong hold on network access and to make sure all remote sessions are monitored, whether they're internal or external.


Dave Weinstein is the chief security officer of Claroty. Prior to joining Claroty, he served as the chief technology officer for the State of New Jersey, where he served in the Governor's cabinet and led the state's IT infrastructure agency. Prior to his appointment as CTO he ...
 
