Dark Reading is part of the Informa Tech Division of Informa PLC

5/1/2020
10:00 AM
Dave Weinstein
Commentary

Industrial Networks' Newest Threat: Remote Users

We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.

With remote working becoming the norm, people need access to their organization's networks, servers, email, and data without being in the office in order to get their work done. But with so many employees, and entire organizations, working from home, remote access could also be opening organizations up to security risks.

When we look specifically at industrial networks and the organizations charged with maintaining, operating, and securing them, the security stakes become that much higher. Right now, it's more important than ever to make sure these networks are secure. These industrial networks — electrical grids, manufacturing plants, oil and gas, and transportation, among others — are critical to our nation's infrastructure, yet because of our rapidly shifting working environment, they are being accessed and sometimes maintained by people from all over the globe, not just on-site personnel. If these networks were to be compromised, the results could be detrimental: a city's electrical grid could be breached, or access to a manufacturing plant's systems could be shut down.

What's more, recent survey data from Claroty shows that 63% of US security professionals expect a major cyberattack to be successfully carried out on critical infrastructure within the next five years, showcasing the lack of confidence that cybersecurity professionals have in the safety and security of our industrial networks. In addition, 51% of industry practitioners in the US believe that today's industrial networks are not properly safeguarded and need more protection, while another 55% believe that our critical infrastructure is vulnerable to a cyberattack.

The stakes are high, and we know that remote working isn't going anywhere anytime soon, so it's increasingly crucial for industrial organizations to have a good hold on the safety of our infrastructure. Protecting their remote access points and remote users is critical to doing so.

While this may seem like an easy task, there are various remote access challenges that these organizations need to overcome.

The first challenge is strictly employee-related. As more employees are connecting to their networks from home, remote access risks are scary for any organization, and the stakes are that much higher for those working in critical infrastructure.

While remote access allows flexibility for employees unable to access offices, it also means that employees could be connecting to unsecured Wi-Fi networks or VPNs, perhaps without even realizing it. If their Internet connection is not safe, browser activity, passwords and sensitive corporate data could be left exposed or even vulnerable to malicious activity.

Another challenge organizations face is keeping their employees' passwords protected, as it is not uncommon for remote workers to share their passwords and logins via email, chat, text, etc. If these were to be accessed by the wrong person, fall into the wrong hands, or be found by someone outside the organization, the company could be subject to hidden costs, data breaches, and a damaged reputation.

These challenges open up the possibility for a hacker or outside source to do some serious damage — even more so now that more people are remote. Imagine this: Cybercriminals with access to an employee's passwords (which they stole from the employee's session on an unsecured Wi-Fi network) could legitimately log in to the industrial organization's network and compromise critical processes in a factory or plant. This isn't a far-fetched scenario by any means; our recent survey also showed that 56% believe that hacking would be the most prevalent type of cyberattack on industrial networks in 2020, followed by ransomware (21%) and sabotage (12%).

In addition to the risks associated with employees, there are others posed by third-party vendors and contractors. Many industrial organizations use service providers or consultants to help monitor networks and provide additional support or services, and with the increase in remote work, these workers will request remote access to the organization's network. Because these vendors are not as directly connected to the internal systems as full-time employees are, their access may not be regulated or monitored as closely. This means that if malicious actors compromise a vendor's remote session, their access could go undetected for an indeterminate amount of time, giving the attackers a potentially enormous window of opportunity to wreak havoc.

One of the other barriers facing third-party vendors is that setup for traditional network access is incredibly time-consuming for system administrators, and therefore has not always been a high priority on their to-do lists. On the other side, since the vendor is not actually part of the organization, it may not take security as seriously as full-time employees do.

In a world where outsourcing certain jobs to third parties is also increasingly commonplace, just like remote working, organizations need to place a greater emphasis on making sure that every individual with remote access, inside or outside the organization, is extensively trained and appropriately monitored with the proper security protocols.

The global effort to enable remote work as quickly as possible poses significant security challenges for organizations in all sectors, and the stakes are particularly high for critical infrastructure. To ensure organizations are doing all they can to secure their remote access, it's crucial to have a strong hold on network access and to make sure all remote sessions are monitored, whether they're internal or external.


Dave Weinstein is the chief security officer of Claroty. Prior to joining Claroty, he served as the chief technology officer for the State of New Jersey, where he served in the Governor's cabinet and led the state's IT infrastructure agency. Prior to his appointment as CTO he ...
 
