• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • Latest News
  • About Us
    SEARCH
IT Infrastructure, Network Security, News

8 Easy Ways to Fortify Operations from Cyber Threats with Technology You Already Have

Companies can take advantage of security features and best practices from existing investments with no further spend required.

May 13, 2022 Matt Powers Leave a Comment

OT Cybersecurity, network security

If you thought cybersecurity couldn’t become more of a priority, think again. Belligerent nation-states and other bad actors are expected to launch a concerted effort to steal trade secrets, disrupt services, and execute malicious programs intended to cause infrastructure outages, damages, and worse. One study found a 100% increase in nation-state incidents from 2017 to 2020. And if that’s not nerve wracking enough, we are still dealing with security threats from ransomware, malware and the like.

In today’s interconnected world, anyone and any organization could be a target. That includes operational technology (OT) in the industrial space – a market that has a plethora of soft targets. Unsupported PCs, flat networks with little thought given to security, and old model programmable logic controllers (PLCs) – industrial computers adapted to control the manufacturing process for things such as assembly lines and machines – are ripe for adversaries to compromise, especially as OT and IT converge.

Related: Just 42% Of Security Pros Can Detect IoT, OT Vulnerabilities

As these OT components go from being stand-alone, independently operated pieces of equipment to being connected to IT networks (hello IoT!), these endpoints have become susceptible entry points for hackers. Unlike other scenarios where hackers are after compromised information or data, those targeting industrial environments are often seeking to cause chaos. These attacks on OT have the potential to cause physical harm, posing big risks to both public and employee safety. Gartner offers a grim prediction for just how quickly these types of cyber threats could be weaponized.

There is good news, however, is there are practical things that can be done – with infrastructure already in place – to fortify OT/IT operations. Here are eight things organizations can do today to help put themselves and others out of harm’s way. The first four are obvious, and the second set less so, but all help ensure companies can take advantage of security features and best practices from existing investments with no further spend required.

First Four: Obvious, but proven

1. Update passwords. Simple, yet incredibly effective. Take it a step further and set up a schedule to consistently reset passwords for maximum benefit.

2. Protect and keep current user accounts. Leverage your existing Active Directory to manage permissions and controls. For example, when employees leave the company or move to different departments within the organization, their permissions should be revoked or adjusted accordingly. In tandem, user accounts should be periodically reviewed to make sure the correct access controls are in place.

3. Separate administrators from operators. Admin accounts should always be closely guarded, and operators should not be able to make inappropriate system changes. Often these happen on accident as human error plays a role, but the impacts can be widely felt. Ensuring the separation of these two groups ensures any accidental system changes are minimized.

4. Segment the network. You have the flexibility to determine how to break down your network into smaller pieces. Doing so is an easy way to add a layer of security to your system and to isolate events. This can also come with an added benefit of improved performance.

Second Four: A layered approach

5. Consider 802.1x port security and disable unused ports. With 802.1x, clients must authenticate through the network when connecting. This means any rogue devices present on the network will not be able to connect and garner unauthorized access. Disabling any unused ports works the same way and prevents unauthorized devices from being plugged in to the network.

6. Save configuration backups offline. Any devices on the system that can have a saved configuration file should have current and prior versions saved in an offline location. In the case of a cyber incident or hardware replacement, those saved configurations can save you a lot of time as you get things back up and running.

7. Disable unused services. Notice a pattern here? It’s important to be proactive so that anything that’s not being used is disabled to prevent unauthorized access. Taking advantage of unused services is a common way for hackers to access a network. Reduce your risk by simply turning them off.

8. Reassign native VLANs. Just like network segmentation, reassigning native VLANs is another opportunity to layer on additional security with equipment that would already be in your system.

The union of IT and OT allows access to data and control that was previously unattainable – and with it comes an increased attack surface for cybersecurity threats. By deploying the eight best practices outlined above, organizations can quickly take steps to help harden their infrastructure and reduce the opportunity for hackers to wreak havoc, all without spending additional dollars on cybersecurity infrastructure.

This piece was written by Matt Powers, vice president of global technology & support services at Wesco International.

Tagged With: Cybersecurity, Industrial Security, OT

Related Content:

  • XorDdos, Linux DDoS Trojan Watch Out For This Linux DDoS Trojan, Microsoft…
  • CISA, MSP Is Your IT Department Augmented by an MSP?…
  • digital transformation Three Causes of Pervasive Workplace Friction and How…
  • Department of Justice Ethical Hackers DOJ Officially Revises Policy, Will Not Charge Ethical…

Free downloadable guide you may like:

  • The State of the IT Department in 2022

    The role of the IT professional has shifted from one that supports the business to one that is deserving of a seat at the table when it comes to making business decisions. Check out our new report to see what your peers in IT think about top concerns and opportunities in 2022.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

The State of the IT Department in 2022

The role of the IT professional has shifted from one that supports the business to one that is deserving of a seat at the table when it comes to ma...

Hybrid Work Challenges
The Three Most Common Hybrid Work Challenges Two Years Into the Pandemic

Many of us have been working in a hybrid environment for two years now. Our editors thought this would be a good time to take a look at what’s work...

These 10 IT Certifications Are Critical To An IT Pro’s Success in 2022

Here are 10 cloud, data and security certifications that we identify as critical to an IT professional’s resume in 2022 and beyond, according to a ...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Terms of Use
  • Privacy Policy
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!

© 2022 Emerald X, LLC. All rights reserved.