Critical infrastructure is increasingly the target of cybercriminals. Attacks on hospitals, electricity grids, water treatment plants, pipelines and food supply chains are among recent examples making headlines around the world this year. The stakes are higher as the consequences can be more destructive, going beyond monetary loss and putting people’s lives at risk.

Sadly, that is precisely why the criminals focus on such institutions, taking hostage the lives of many to better their chances of receiving a big payout and getting it even faster than usual.

Crooks don’t even need a huge investment or to be expert hackers to execute their assaults. The crimeware-as-a-service industry is thriving and continuously diversifying and evolving its methods. Crimeware-as-a-service, or CaaS, is any computer program or set of programs that are designed to facilitate illegal activity online. Ransomware, spyware, phishing kits, browser hijackers, keyloggers and more, are all available to attackers through CaaS.

Risks to ICS environments

A recent survey on operational technology (OT) and industrial control systems (ICS) listed the following as the top risks to ICS environments:

1. Ransomware, extortion, or other financially motivated crimes,
2. Nation-state cyberattacks,
3. (Unprotected) devices and things added to the network,
4. Non-state cyberattacks (non-ransomware criminal, terrorism, hacktivism).

The changing nature of the threat landscape means white-hats have to refresh their playbooks. The principle of “security by obscurity” seems outdated, when hackers, operating anywhere in the world (and even sponsored by hostile governments) have wide reach and multiple tools at their disposal. To counter, some countries have already updated cybersecurity standards after recognising the need for cooperation and knowledge-sharing across industries and international borders to better protect critical infrastructure.

Countries updating their cybersecurity measures

South Korea’s Digital New Deal noted the blurring of international boundaries regarding cyberattacks. The 10-member ASEAN, for example, became the first region to adopt the United Nations’ 11 norms of responsible state behaviour in cyberspace. The norms include interstate cooperation, from exchanging information and responding to assistance requests, to reporting ICT vulnerabilities and protecting critical infrastructure.

The US has also recently introduced an executive order to improve the nation’s cybersecurity, which calls for removing barriers to sharing threat information among its criteria. However, before the sharing can begin and be effective, having visibility of the whole network is imperative.

Nozomi Networks improve OT/IoT network visibility

Andrea Carcano, co-founder and chief product officer at Nozomi Networks, has always believed in the merit of information sharing. “I remember how complicated it was to extract and use data between different technologies. Vendors were not open enough to let customers leverage and use the data they created, and even more so, when trying from external solutions,” he wrote in a recent blog.

“This is why from the very beginning, I built our technology within Nozomi Networks to facilitate the sharing of data, easily. Our product lines which include Vantage (in the cloud), and Guardian (on-premise), have extensive capabilities to share information with others using a variety of tactics, protocols, and formats.”

Vantage, the cloud-based platform

Vantage is the first SaaS platform for OT and IoT security. It’s a cloud-based solution, protecting any number of OT, IoT, IT, edge and cloud assets wherever they are. Its massive scalability and high-performance data analytics delivers visibility of all assets distributed worldwide in a single view with its comprehensive network mapping.

There is centralised monitoring and detection powered by AI and machine learning, offering real-time awareness of vulnerabilities in a network. It is continuously being improved, with its most recent updates implemented to help eliminate “alert fatigue” by giving better insights to manage and respond to risks according to their severity.

Nozomi Networks has a proven reputation

“Nozomi Networks has a proven reputation for continuous innovation and these latest updates only add to it,” said Danielle VanZandt, a Frost & Sullivan industry analyst. “With the explosive growth of IoT devices in industrial environments, now more than ever, security professionals need faster paths to actionable intelligence and tools that support the best possible response. Nozomi Networks has stepped up with a solution that fills the gap.”

Cybersecurity is in a different era. Crooks are sophisticated, tools are more accessible, and attack surfaces are getting bigger as more people and their devices are connected to the Internet. Securing devices via obscurity is a myth, so making all assets visible to cybersecurity teams and an open approach to information sharing is necessary for building a strong and resilient defence strategy.

Click here to help unlock visibility across OT, IoT, and IT for accelerated security and better-protected digital transformation.