web analytics

Australian Industries Need OT-IT Convergence to Beat Attacks – Source: www.databreachtoday.com

australian-industries-need-ot-it-convergence-to-beat-attacks-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Critical Infrastructure Security
,
Governance & Risk Management
,
Operational Technology (OT)

IT and OT Teams Rarely Talk and When They Do, They Rarely Agree On Anything

Jayant Chakravarti (@JayJay_Tech) •
May 29, 2024    

Australian Industries Need OT-IT Convergence to Beat Attacks
Aerial view of Port Kembla steelworks and factories in New South Wales, Australia (Image: Shutterstock)

Australian critical infrastructure organizations must enable greater convergence between their information technology and operational technology teams to better respond to cybersecurity threats to their OT infrastructure, according to a new study by Palo Alto Networks.

See Also: From Ancient Myths to Modern Threats: Securing the Transition from Legacy to Leading Edge

The cybersecurity company said cyberattacks on OT systems owned and operated by critical infrastructure organizations could result in “significant and immediate business impact” and cause a shutdown lasting days or even weeks – something that such organizations or governments can ill-afford.

As critical infrastructure companies provide essential services to the wider public – such as railroads, electric power, water supply and transportation – a successful cyberattack on these organizations could mean significant financial gain or geopolitical impact for attackers.

“The high-risk nature of industrial operations means that safeguarding an OT environment is essential not only for business continuity, but also for national security,” the company said.

Palo Alto Networks’ warning arrives a few months after a major cyberattack forced Dubai-based DP World, which handles roughly 40% of Australia’s international container cargo each year, to close ports in Sydney, Melbourne, Brisbane and Fremantle. The national cybersecurity coordinator said the cyberattack was “nationally significant” (see: Major Australian Ports Affected by Cyber Incident).

Earlier in May, Australian east coast electricity provider Ausgrid said it could lose up to $2 billion a day if a major cybersecurity incident causes a complete shutdown of its infrastructure and disrupts people’s livelihoods (see: Aussie Energy Giant Fears Losing Billions to Cyberattacks).

Researchers said 3 in 4 organizations have experienced a cyberattack on their OT environment, and some have experienced a number of attacks that is above the global average. Considering the scale at which industrial facilities operate, a shutdown could mean lost “revenue opportunities, as well as damage control and event remediation costs, which can include additional security technologies and services, communications with customers and suppliers, law enforcement, and public relations,” Palo Alto said.

“Longer-term costs can include reputational damage, regulatory penalties, higher insurance premiums, and supplier and customer costs due to late or non-deliveries, among others,” the researchers warned.

Palo Alto said OT infrastructure operators need to understand the threat landscape and the factors that motivate hacking attacks and find appropriate solutions to counter the threats and minimize the risks to OT. “Industrial environments can differ significantly, presenting a highly fragmented ecosystem with different risk tolerance. Understanding the target, as well as the threat landscape, goes a long way to building an effective defense,” it said.

The foremost challenge in building a resilient OT infrastructure, the company said, is that OT and IT teams typically operate in silos and have different priorities to address. While IT teams have traditionally been in charge of security companywide, OT teams have exclusively focused on industrial operations.

Because of the discrepancy in their historical roles, IT and OT teams rarely collaborate when making purchase decisions for OT cybersecurity products – a factor that goes against the concept of shared responsibility for the security of industrial assets.

A survey of technology leaders by Palo Alto Networks found that in a majority of industrial organizations, IT and OT teams make independent cybersecurity decisions and even when they meet, they struggle to align their views or make joint decisions.

“This difficulty in coordination is a significant obstacle that can impede the successful deployment and operation of OT cybersecurity,” Palo Alto said. “A piecemeal approach to cybersecurity will help neither IT nor OT, regardless of the caliber of solutions invested in, resulting in the continued exposure of vulnerable OT assets.”

A Rockwell Automation-Claroty survey also found that only 1 in 5 industrial organizations in Australia reported a high level of collaboration between IT and OT teams, based on the perception that disconnected OT systems operated independently of IT systems. But with the influx of internet-connected OT devices, that assumption no longer holds true.

“It has therefore become incumbent on OT operators to ensure they are operating in line with security standards that apply across the broader IT environment,” the survey said.

Original Post url: https://www.databreachtoday.com/australian-industries-need-ot-it-convergence-to-beat-attacks-a-25358

Category & Tags: –

Views: 2

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Nathalie Cole
How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole
How Much 10 Companies Paid...
Tushar Subhra Dutta
Top 10 Cyber Attack Maps to See Digital Threats 2022 by Tushar Subhra Dutta – Cyber Security News.
Top 10 Cyber Attack Maps...
Microsoft
Microsoft Zero Trust Maturity Model
Microsoft Zero Trust Maturity Model
US Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

Microsoft
GDPR & Generative AI
GDPR & Generative AI
European Union Agency for Fundamental Rights
GDPR IN PRACTICE
GDPR IN PRACTICE
FS.ISAC
Navigating Cyber
Navigating Cyber
KPMG
Fraud risk management
Fraud risk management
CYFIRMA
Fletchen Stealer
Fletchen Stealer
IGNITE Technologies
FILE TRANSFER CHEAT SHEET
FILE TRANSFER CHEAT SHEET
Securesee
CYBER CRISIS INVESTIGATION AND MANAGEMENT
CYBER CRISIS INVESTIGATION AND MANAGEMENT
ACN
Guidelines for secure AI system development
Guidelines for secure AI system...
Incibe
Ciberseguridad en Smart Toys
Ciberseguridad en Smart Toys
Flashpoint
Global Threat Intelligence Report
Global Threat Intelligence Report
HSBC
A new payments paradigm
A new payments paradigm
WORLD BANK GROUP
Global Cybersecurity Capacity Program
Global Cybersecurity Capacity Program

More Latest Published Posts

ISA GLOBAL CYBERSECURITY ALLIANCE
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards
Rajneesh Gupta
IAM Security CHECKLIST
IAM Security CHECKLIST
sqrrl
Hunt Evil
Hunt Evil
Searchinform
How to protect personal data and comply with regulations
How to protect personal data and comply with regulations
Giuseppe Manco
Threat Intelligence Platforms
Threat Intelligence Platforms
CSA Cloud Security Alliance
Hardware Security Module(HSM) as a Service
Hardware Security Module(HSM) as a Service
IGNITE Technologies
CREDENTIAL DUMPING FAKE SERVICES
CREDENTIAL DUMPING FAKE SERVICES
IGNITE Technologies
A Detailed Guide on Covenant
A Detailed Guide on Covenant
NIST
Computer Security Incident Handling Guide
Computer Security Incident Handling Guide
IGNITE Technologies
DIGITAL FORENSIC FTK IMAGER
DIGITAL FORENSIC FTK IMAGER
Accedere
Cloud Security Assessment
Cloud Security Assessment
YL VENTURES
CISO Reporting Landscape 2024
CISO Reporting Landscape 2024
CISO Edition
Reporting Cyber Risk to Boards
Reporting Cyber Risk to Boards
CIOB
CIOB Artificial Intelligence (AI) Playbook 2024
CIOB Artificial Intelligence (AI) Playbook 2024
INCIBE & SPAIN GOVERNMENT
Nuevas normativas de 2024 de ciberseguridad para vehículos
Nuevas normativas de 2024 de ciberseguridad para vehículos
INNOVERY
RESILIENCIA
RESILIENCIA
CEH
Certifications Preparation Guide
Certifications Preparation Guide
Sandhya Kaushik
Checklist for Securing Your Android Apps
Checklist for Securing Your Android Apps
aDvens
May Cyber Threat Intelligence monthly report
May Cyber Threat Intelligence monthly report
Insikt Group
Caught in the Net
Caught in the Net
IGNITE Technologies
BURP SUITE FOR PENTESTER TURBO INTRUDER
BURP SUITE FOR PENTESTER TURBO INTRUDER
SYED ABUTHAHIR
BUG BOUNTY AUTOMATION WITH PYTHON
BUG BOUNTY AUTOMATION WITH PYTHON
Foresiet
Brand Impersonation Attacks
Brand Impersonation Attacks
Google Cloud
Board of Directors Handbook for Cloud Risk Governance
Board of Directors Handbook for Cloud Risk Governance
ISACA
Blueprint for Ransomware Defense
Blueprint for Ransomware Defense
Shaurya Rawal
Blockchain Security
Blockchain Security
RISK academy
BEST RISK MANAGEMENT PROMPTS FOR CHATGPT
BEST RISK MANAGEMENT PROMPTS FOR CHATGPT
IGNITE Technologies
Best Alternative of Netcat
Best Alternative of Netcat