The next big cybersecurity risk for your organization? Your systems and devices.
Assess your organization’s risk from IT, OT and IoT systems and devices
Feb. 10, 2021 | By: Dave Englebrick
Advancements in technology and internet connectivity have made us more connected than ever. You can remotely manage your organization's systems and devices connected to the network. Connecting systems and devices to the network fosters data access, monitoring and remediation. But with convenience and efficiency comes risk. Your linked systems and devices become more exposed to vulnerabilities, including cyberattacks. Can you protect your organization's cybersecurity against these threats? Start with a holistic, systematic assessment of your IT, OT and IoT infrastructure.
What are the differences between IT, OT and IoT?
- Information technology (IT) is the use of computers to store, retrieve, transmit and manipulate data or information. IT is typically used within the context of business operations as opposed to personal or entertainment technologies.
- Operational technology (OT) is hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices.
- The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines with unique identifiers that can transfer data over a network without requiring human-to-human or human-to-computer interaction.
As OT converges with IT, organizations need to prioritize OT and IoT security.
The new target for cyberattacks: OT and IoT
Networks that support OT have long relied on proprietary protocols and software that were used to monitor and administer building management systems (BMS) or building automation systems (BAS). While IT has traditionally been separated from OT, they are now frequently connected to both each other and the internet. They deliver smart analytics, giving companies a single view into their systems. Opening network communication to OT and IoT, however, comes with its challenges.
In the past, these systems were not alluring targets to hackers. Because they were closed to the internet and outside world, there was nothing to gain or destroy. As OT converges with IT, organizations need to prioritize OT and IoT security.
IoT vulnerability and cybersecurity
Cybersecurity for OT and IoT involves protecting information and systems from major cyberthreats. The rate of internet connections is outpacing companies’ abilities to secure them. While many organizations have developed mature processes and controls for securing and protecting their IT networks and systems, networks related to OT and IoT are often overlooked, making them the perfect target for cyberthreats. Cyberattacks can impact your organization's bottom line, reputation and long-term business viability. A breach can cost a company millions and cause injuries or even loss of life.
Medical device cybersecurity
Hackers have set their sights on the healthcare industry. Medical devices hacked by bad actors could be the next big security breach. There are up to 15 devices connected to a hospital bed at any given time in the U.S. Many of these devices connect through the wireless network to provide a large amount of data to physicians and ultimately improve patients’ quality of care. But these devices reveal a dangerous vulnerability. Let’s look at the infusion pump, which is used to deliver nutrients, insulin, antibiotics, chemotherapy drugs, pain relievers, etc. A hacker could gain unauthorized access and administer a fatal overdose. This grave threat exists for pacemakers, MRI systems, heart rate monitors.
The solution to defend your organization
Protect your organization with TEKsystems as your partner. TEKsystems uses an automated approach to evaluate an organization’s OT and IoT vulnerabilities. Our methodology uses software to:
- Interrogate the industrial zones within the Purdue Model for any vulnerabilities
– Identification and classification
– Managed, unmanaged, along with IoT
– Wired and wireless devices
– Every device across every site (make, model, operating system and more)
– IoT devices on or off the network
- Discover noncentralized managed devices, such as printers, that may be vulnerable to credential issues
- Gain visibility and control over vulnerabilities on devices that are noncentrally managed
We then partner with organizations to:
- Develop a remediation plan
– Build a strategy to segregate devices on the OT network
– Standardize deployment of devices and services
– Leverage virtual LAN(s) for network segmentation
- Quarantine devices that are not capable of compliance with set security policies
- Reconfigure network devices and BMS or BAS control systems and devices
Partner with TEKsystems to conduct an assessment of your IT, OT and, IoT infrastructure. Together, we’ll find the vulnerabilities, develop a plan and safeguard your entire organization.
About Dave Englebrick
Dave Englebrick serves as a practice manager within TEKsystems Global Services Networking and Unified Communications practice. He has more than 35 years of industry experience in design, operations and R&D within the telecommunications realm. Dave has supported K-12 and higher education for 15 years, as well as the states of Kansas and Missouri. His knowledge spans from Cisco to Avaya, focusing his network discipline on design implementation.
Excerpts from this article appeared in Facility Executive, “Cybersecurity And Facilities Systems”