Cyber attacks are on the rise – we’ve seen it time and time again with breaches spanning both the enterprise (LinkedIn and Yahoo password leaks) and the ICS environment (Stuxnet and Shamoon). According to Godfrey Budd of New Technology Magazine: “It’s not just Fortune 500 companies that are targeted. An estimated 18 percent of attacks target companies with less than 250 employees, while about 50 percent are aimed at ones with less than 2,500.” With cyber criminals targeting various organizations of all sizes and industries, security must be top of mind in order to protect sensitive data.
As discussed in previous blog posts, OT and IT networks are not all created equal. In fact, when it comes to the oil, gas, power and energy sectors, the networks are not always awarded the necessary security precautions they deserve. Walt Sikora, vice president for security solutions, had a chance to speak with Godfrey and inform him of the vulnerabilities within these critical infrastructures.
“Control systems out in the field are not afforded the protection available for the enterprise environment. The risk is that malware could move along a network from controls to the enterprise part.”
In his article, Godfrey highlighted the need for investing in cybersecurity and the importance of educating and training employees on the best practices for ICS security. We’d love to hear your thoughts on this topic – what do you think of OT vs IT security? How do you work to protect your critical infrastructure networks?