Top 10 Cybersecurity Risks for Remote IT Teams
- Rajeeb Ghosh
- 2 days ago
- 5 min read

We at Shift Ahead have witnessed dramatic changes in the industrial landscape. The convergence of Information Technology (IT) with Operational Technology (OT) is no longer a distant prospect; it is the actual state of the industry today.
But as infrastructure teams adopt remote monitoring and management to improve productivity, they also expose themselves to attackers by broadening their attack surface.
Recently, Shift Ahead worked with a large global manufacturing company to rebuild its remote access security, and the engagement produced a model for eliminating the top 10 cybersecurity threats that remote infrastructure teams face today.
The Problem: A Perimeter Too Vulnerable in a Connected Environment
Our client ran manufacturing operations that could not afford interruption: to sustain 24/7 continuous operations, remote engineering teams needed access to the programmable logic controllers (PLCs) and human-machine interfaces (HMIs) from their homes or other locations.
Unfortunately, the sites' legacy systems had not been built for an era of remote communications. Data collected from the sector shows that OT cyberattacks have more than doubled in the last two years, with manufacturing being the most exposed sector.
Our client was operating on a very simple network, where an attacker who got in through a remote worker's computer could bring the entire production line to a halt.
Plan 1: Integrate Remote Access with Air-Gapped Security
We began the Shift Ahead engagement with the biggest problem, which is also one of the most common: unsafe remote access points.
A VPN, although very widely used by infrastructure teams, is a poor choice because it is "too permissive". For our manufacturing client, the decision was to adopt a Zero Trust Network Access (ZTNA) model instead.
The major differences between a VPN and ZTNA are the following:
· A VPN hands the user the keys to the whole kingdom.
· ZTNA only lets remote employees access, or even "see", the specific industrial assets they are authorized to manage.
By doing this, we effectively stopped attackers from moving freely between systems (lateral movement), which is one of their main techniques.
Plan 2: Fight the Most Common 10 Risks of OT Security
During the diagnostic phase, we identified the following 10 major issues that remote infrastructure teams typically struggle with:
· Phishing attacks and credential theft: Remote teams are often the target of sophisticated social engineering attacks aimed at stealing administrative logins.
· Unpatched legacy systems: Operational Technology hardware mostly runs very old software versions that cannot be updated easily without downtime.
· No Multi-Factor Authentication (MFA): Relying on passwords alone for access to SCADA systems is a very risky decision.
· Shadow IT: Remote engineers sometimes bypass the rules by using unauthorized third-party tools to transfer files or monitor data.
· Insecure endpoints: Staff using personal devices and home Wi-Fi networks often lack enterprise-grade encryption.
· Insider threats: Internal personnel, whether malicious or careless, remain the leading cause of data leaks.
· Supply chain vulnerabilities: Vendors are always the weak link in the security chain, since they often hold remote access.
· Poor network segmentation: Separating the IT and OT environments with "demilitarized zones" (DMZs) has become a widely recommended strategy, yet many organizations still have not implemented it.
· Low-quality logging and monitoring: Quite a few companies running OT cannot detect a breach in real time because they lack telemetry.
· No automated incident response: Remote teams frequently lack a clear "kill switch" procedure for cyber-physical emergencies.
Execution: A Security Makeover in Four Steps
Shift Ahead carried out a four-step modular security makeover of the client's remote infrastructure so that it could withstand the threats listed above:
1. Step 1: Asset discovery and risk profiling
We took a non-intrusive approach, deploying tools designed specifically to map every device connected to the shop floor. As a result, we identified "ghost" assets that IT had previously been unaware of.
2. Step 2: Micro-segmentation
We moved away from the traditional practice of running the manufacturing network as a single whole. Instead, we created a separate security zone for each department. So, for instance, even if the "Packaging Zone" were attacked via a remote connection, the "Chemical Processing Zone" would remain closed off to the attackers and stay safe.
3. Step 3: Identity and access management (IAM) overhaul
We required hardware MFA for all remote sessions, so a stolen password alone no longer lets an attacker gain access.
4. Step 4: Continuous OT monitoring
We set up a Security Operations Center (SOC) tuned specifically to industrial protocols (such as Modbus and PROFINET) so that any deviation from regular machine behavior is noticed.
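As an added illustration of the baseline-and-deviation monitoring described in Step 4 (example code written for this article, not Shift Ahead's or the client's tooling), the following parses Modbus/TCP frames, learns which (source, unit id, function code) combinations occur during known-good operation, and flags writes or new function codes from sources outside that baseline. The frames and IP addresses are constructed sample data, not a real capture.

```python
import struct

# Modbus function codes that change process state (coil/register writes).
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the 7-byte MBAP header (tid, protocol id, length, unit id) plus function code."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    # Protocol id is always 0; length counts the unit id and the PDU (bytes after offset 6).
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("malformed MBAP header")
    return {"tid": tid, "unit": unit, "func": frame[7], "data": frame[8:]}

def learn_baseline(events) -> set:
    """Record every (source, unit id, function code) seen during known-good operation."""
    baseline = set()
    for src, frame in events:
        m = parse_modbus_tcp(frame)
        baseline.add((src, m["unit"], m["func"]))
    return baseline

def detect(baseline: set, events) -> list:
    """Return (source, kind, detail) alerts for frames that deviate from the baseline."""
    alerts = []
    for src, frame in events:
        try:
            m = parse_modbus_tcp(frame)
        except ValueError as err:
            alerts.append((src, "malformed", str(err)))
            continue
        if (src, m["unit"], m["func"]) in baseline:
            continue  # seen during normal operation
        kind = "unexpected-write" if m["func"] in WRITE_FUNCTIONS else "new-function"
        alerts.append((src, kind, f"unit={m['unit']} func=0x{m['func']:02X}"))
    return alerts

# Constructed sample traffic (not a real capture): the HMI polls holding registers,
# then an unfamiliar remote host reads and writes, and one truncated frame arrives.
READ_HR = bytes.fromhex("000100000006" "01" "03" "00000002")    # unit 1, func 3, addr 0, qty 2
WRITE_COIL = bytes.fromhex("000200000006" "01" "05" "0001FF00")  # unit 1, func 5, coil 1 ON
BAD_FRAME = bytes.fromhex("000300000009" "01" "03")              # length says 9, only 2 follow
HMI, REMOTE = "10.1.20.5", "10.99.0.7"  # assumed addresses for the example

def demo() -> list:
    baseline = learn_baseline([(HMI, READ_HR)] * 3)
    return detect(baseline, [(HMI, READ_HR), (REMOTE, READ_HR), (REMOTE, WRITE_COIL), (HMI, BAD_FRAME)])
```

In a real deployment the baseline would be learned per zone over a long observation window, and an "unexpected-write" alert would feed the kill-switch procedure mentioned among the ten risks.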
Statistical Impact and Outcomes
Delivering a comprehensive security plan was the first sign of a job well done; the second was that its success could be measured.
In the first six months after the four-step modular approach was completed, we helped our client stop 90% of unauthorized entry attempts before they could be executed.
Our client also reported that automating patch management for the remote gateways reduced the "window of vulnerability", i.e. the period between the discovery of a bug and its correction, from 45 days to less than 48 hours.
According to the statistics, a data breach in the manufacturing sector costs on average $4.73 million; through this proactive engagement, our client protected its bottom line as well as the safety of the physical operations in the factory.
Final Verdict - Our Client’s Trusted Results
At Shift Ahead, we believe that remote infrastructure can and should be a strong point instead of a weak one.
Working at the uncommon intersection of cybersecurity and OT, we give manufacturing executives the ability to innovate without fear, knowing that their production lines are safeguarded by world-class digital defense standards.
