Technology is converging. Adoption of Internet of Things (IoT) devices is growing exponentially and these devices are being increasingly leveraged by information technology (IT) and operational/industrial technology (OT). Buildings and homes are also becoming “smart” and “connected”, with surveillance systems, thermostats, door controls, and heating, ventilation, and air conditioning (HVAC) being connected and going to the Cloud.
Attackers are very adept at finding cracks in any defence. They don’t care if it’s a crack in physical security, industrial control systems, or classic IT environments. They focus on where they can inflict as much damage as possible.
Security leaders and vendors have to start looking at the entire security risk. A breached laptop can be used to hop over to the chlorine controls of the hotel swimming pool and inflict real-world damage to property and people. It’s not only about protecting the contents of the laptop, but also the access it has to whichever network it is attached to. A siloed approach needs to be replaced with a holistic one.
Here are a few questions to ask yourself:
Which are the critical areas in our network?
“Critical” used to mean the valuable data and systems within an organisation. Widen this scope to include people, processes, and technology.
Is there full stack visibility?
You need to know how your business relies on IT systems and how they’re tied together. Stage two is to find out what lateral movements are possible on your infrastructure: for example, whether it is possible to reach HVAC systems from the network connection of a printer.
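An added example, not part of the original article: a small Python audit that treats the allowed flows between network segments as a directed graph and reports every chain of permitted hops that ends at a critical system, such as the printer-to-HVAC case above. The segment names and flow rules are constructed for illustration; in practice they would come from your own firewall and ACL exports.

```python
from collections import deque

# Constructed sample: allowed flows between segments (source -> destinations),
# as they might be exported from firewall/ACL rules. All names are hypothetical.
ALLOWED_FLOWS = {
    "printer-vlan": ["print-server"],
    "print-server": ["office-lan", "file-server"],
    "office-lan": ["file-server", "facilities-workstation"],
    "facilities-workstation": ["bms-gateway"],
    "bms-gateway": ["hvac-controllers", "door-controllers"],
    "guest-wifi": ["internet"],
}

# Segments whose compromise has physical-world consequences.
CRITICAL = {"hvac-controllers", "door-controllers"}


def shortest_path(flows, start, target):
    """Breadth-first search; returns the shortest chain of allowed hops or None."""
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in flows.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def exposure_report(flows, critical):
    """Map each non-critical segment to the critical segments it can reach transitively."""
    report = {}
    segments = set(flows) | {d for dests in flows.values() for d in dests}
    for seg in sorted(segments - critical):
        paths = {c: shortest_path(flows, seg, c) for c in sorted(critical)}
        reachable = {c: p for c, p in paths.items() if p}
        if reachable:
            report[seg] = reachable
    return report


if __name__ == "__main__":
    for seg, hits in exposure_report(ALLOWED_FLOWS, CRITICAL).items():
        for target, path in hits.items():
            print(f"{seg} -> {target}: {' -> '.join(path)}")
```

No single rule here connects the printer VLAN to the HVAC controllers, yet the report shows a five-hop chain between them; removing one intermediate flow and re-running confirms whether the path is actually closed.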
Is our response process functioning correctly?
Failing to plan is planning to fail. You need to be prepared should a cyber-related incident happen. This could be a crypto locker outbreak or the detection of an intruder on your systems. If this happens, how will you respond?
Are our systems designed and developed with security in mind?
Resilience, security, and performance are often treated as implied artefacts of infrastructure and systems. Look at the design requirements and check which ones are really connected to security. Making assumptions can lead to failure.
Approach security as a result of proper design. A car’s crumple zones absorb the energy of a crash; IT systems should be designed in the same way. The same goes for system hygiene: a system needs to be maintained to keep everything running properly. For example, the simple act of servicing your car’s brakes can save lives.
Fail-safe and fail-secure were terms initially attached to software. It’s time to apply them to the full stack of technologies that make up your IT landscape.
Secure your environment
The risks associated with system vulnerabilities are substantial. Instead of waiting for your information to be exploited, systems corrupted and brands damaged, you can take the initiative and protect yourself.
We can provide you with in-depth reports into weaknesses that attackers could exploit in your specific system. With this valuable insight, we can then help you secure your systems in the areas of development, use and infrastructure.
Visit our Security Testing section to find out how we can close these loopholes for you.