web analytics

Remote Access Tool Sprawl Increases OT Risks – Source: www.databreachtoday.com

remote-access-tool-sprawl-increases-ot-risks-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Critical Infrastructure Security
,
Governance & Risk Management
,
Operational Technology (OT)

Over-Deployment of Tools Raises Security and Operational Concerns

Prajeet Nair (@prajeetspeaks) •
September 13, 2024    

Remote Access Tool Sprawl Increases OT Risks
Piling on remote access tools, especially tools without functionality such as auditing, isn’t great for operational technology security. (Image: Shutterstock)

Excessive deployment of remote access tools in operational technology environments expands attack surfaces and creates operational challenges, warned security researchers from Claroty.

See Also: From Ancient Myths to Modern Threats: Securing the Transition from Legacy to Leading Edge

>

Claroty’s Team82 reported that after examining more than 50,000 remote access-enabled devices reported by customers, it determined that more than half of organizations use four or more remote access tools. One-third deploy six or more.

Remote access tools are essential in OT environments where administrators cannot always physically manage critical infrastructure. But remote access introduces numerous potential vulnerabilities that threat actors exploit. Despite security protocols available to protect these access points, Team82’s report suggests many organizations are not fully utilizing them.

A clear majority of organizations use more than two nonenterprise-grade remote access tools. Those tools lack privileged access management features such as session recording, auditing, role-based access controls and multifactor authentication. The absence of these basic security features increases risk exposure and creates an operational burden in managing multiple solutions.

Researchers said that beyond the lack of security features, organizations face increased attack surfaces due to the overabundance of external connections into OT networks. These connections, particularly those involving nonenterprise-grade tools, often lack visibility, leaving OT administrators unaware of external activity. In many cases, third-party vendors also connect to these networks with their remote access solutions, further complicating monitoring efforts.

Multiple remote access solutions require complex identity management processes. Managing permissions and access controls becomes more challenging, often resulting in blind spots in access rights management. Such inefficiencies raise the risk of misconfigurations and exploitation by cybercriminals.

The operational burden of managing multiple remote access tools is another concern, adding both complexity and cost to OT environments.

Researchers recommend organizations need to establish full visibility into their OT networks to understand how many remote access solutions are in use.

Eliminating or minimizing the use of low-security tools, particularly those without critical features such as MFA, is a necessary step to reduce risk, researchers said. Standardizing security requirements for both internal operations and third-party vendors is crucial, they also said. A consolidated access control policy will not only improve security but also enhance operational efficiency by reducing the number of tools needed.

Original Post url: https://www.databreachtoday.com/remote-access-tool-sprawl-increases-ot-risks-a-26288

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Nathalie Cole
How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole
How Much 10 Companies Paid...
Tushar Subhra Dutta
Top 10 Cyber Attack Maps to See Digital Threats 2022 by Tushar Subhra Dutta – Cyber Security News.
Top 10 Cyber Attack Maps...
Microsoft
Microsoft Zero Trust Maturity Model
Microsoft Zero Trust Maturity Model
US Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

DevSecOps Guide
Attacking Rust
Attacking Rust
DevSecOps Guide
Attacking Pipeline
Attacking Pipeline
DevSecOps Guide
Attacking Golang
Attacking Golang
HADESS
Assembly for Hackers
Assembly for Hackers
BIONIC
Application Security Posture Management
Application Security Posture Management
Wallarm
API ThreatStatsTM Report
API ThreatStatsTM Report
Wallarm
API Security Checklist
API Security Checklist
DevSecOps Guide
ANSIBLE PLAYBOOKS
ANSIBLE PLAYBOOKS
Dr. Gemma GALDON CLAVELL
AI Auditing
AI Auditing
RAND
Securing Al Model Weights
Securing Al Model Weights
GDPR
CYBERSECURITY INCIDENT RESPONSE PLAN 1
CYBERSECURITY INCIDENT RESPONSE PLAN 1
KPMG
Cyber security guide for SMEs
Cyber security guide for SMEs

More Latest Published Posts

Victor Tong
Digital Operational Resilience Act – Control Mappings
Digital Operational Resilience Act – Control Mappings
ARMIS
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
IGNITE Technologies
Docker Penetration Testing
Docker Penetration Testing
IGNITE Technologies
Disk Group Privilege Escalation
Disk Group Privilege Escalation
Hiral Patel
Data LossPrevention(DLP)
Data LossPrevention(DLP)
Polygon
Digital identity – Deutsche Bank Corporate Bank
Digital identity – Deutsche Bank Corporate Bank
CSA Cloud Security Alliance
The Six Pillars of DevSecOps:Collaboration andIntegration
The Six Pillars of DevSecOps:Collaboration andIntegration
ASPIRE SYSTEMS
A complete guide toImplementingDevSecOps in AWS
A complete guide toImplementingDevSecOps in AWS
GAO
CYBERSECURITY PROGRAM AUDIT GUIDE
CYBERSECURITY PROGRAM AUDIT GUIDE
Apress
Demystifying Intelligent Multimode Security Systems An SystemsAn Edge-to-Cloud Cybersecurity Solutions Guide
Demystifying Intelligent Multimode Security Systems An SystemsAn Edge-to-Cloud Cybersecurity Solutions Guide
PWC
Data Privacy Handbook
Data Privacy Handbook
CERT-EU
DDoS Overview and Response Guide
DDoS Overview and Response Guide
IGNITE Technologies
Data Exfiltration Cheat Sheet
Data Exfiltration Cheat Sheet
CRC Press
Data Privacy for the Smart Grid
Data Privacy for the Smart Grid
New York State
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Cybersecurity Program Template A resource to help individual licensees and individually owned businesses develop a cybersecurity program as required by New York State’s Cybersecurity Regulation 23 NYCRR Part 500
Apress
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
CyberJA
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
SOSAFE
CybercrimeTrends 2024 The latest threats and security best practices
CybercrimeTrends 2024 The latest threats and security best practices
Routledge
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cigref
Surviving a Massive cyber-attack by Cigref
Surviving a Massive cyber-attack by Cigref
Hidaia Mahmood Alassouli
Common Windows, Linux and Web Server SystemsHacking Techniques
Common Windows, Linux and Web Server SystemsHacking Techniques
Splunk
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SOC SIEM Use Cases
SOC SIEM Use Cases
safecode
Six Pillars of DevSecOps- Collaboration and Integration
Six Pillars of DevSecOps- Collaboration and Integration
SentineOne
WatchTower I ntelligence-Driven Threat Hunting
WatchTower I ntelligence-Driven Threat Hunting
CNIL
Security of Personal Data
Security of Personal Data
OPSWAP
Securing ICS SCADA updates OT Environments
Securing ICS SCADA updates OT Environments
Top 300 Azure Sentinel Used Cases KQL (Kusto Query Language) queries
Top 300 Azure Sentinel Used Cases KQL (Kusto Query Language) queries