Navigating the rising tide of cyber threats in GCC

The convergence of IT and operational technology in the wake of 5G and IoT advancements has added a new dimension to cybersecurity.
  • Rising cyber threats in the UAE and GCC are alarmingly high, with over 50,000 daily attacks causing significant financial and societal impacts.
  • High-profile attacks in the region have included notable incidents such as Aramco's ICS breach and multiple attacks on UAE's infrastructure.

DUBAI, UAE — The UAE, along with the wider GCC, has become a prime target for malicious actors. According to a report, the UAE repels over 50,000 attacks daily. The financial repercussions of successful attacks are staggering — IBM Security indicates that the average cost of a breach in the UAE and KSA is approximately US$8 million. Then there’s the critical infrastructure sector, where the financial impact is dwarfed by societal consequences. Professionals have long warned of major cyberattacks on national telecommunications, government services, utilities, healthcare providers, and banks. These attacks are not just possible; they have already occurred. And they haven’t just happened anywhere; they have happened here, in the GCC.

In 2017, Saudi Aramco’s Schneider Electric-manufactured industrial control system (ICS) was targeted. Investigators noted that if not for a flaw in the malware, the attack could have triggered an explosion. Earlier this year, the UAE’s UN ambassador informed the Security Council about the nation’s experiences with critical infrastructure attacks. Healthcare providers, banks, and the government had been targeted. It’s imperative to transform our most critical systems into impenetrable fortresses.

Several factors have further complicated the task for those leading these new protection initiatives. First, ICS or operational technology (OT) is undergoing a digital transformation as the region’s successful 5G rollouts have paved the way for new Internet of Things (IoT) applications in heavy industry. The eagerness of business executives has placed security professionals under stress, uncertain of how to manage the IT-OT convergence. When critical machinery is connected to the Internet, the potential danger is palpable, even without alarming headlines. Secondly, attackers are becoming more sophisticated, learning to successfully target ICS for financial or political gains.

Mitigating risk begins with establishing a playbook. While every enterprise has its unique aspects, there are commonalities that can guide you in addressing cybersecurity in an ICS environment.

1. Enhancing visibility

A Security Operations Center (SOC) that only focuses on IT can quickly become overwhelmed when tasked with protecting an IT/OT environment. It’s challenging enough to prepare for a single threat that breaches your defenses and exploits your valuable data. But what if a threat infiltrates your machinery, causing damage, disrupting business operations, or harming an employee or customer?

You need a thorough understanding of every asset connected to your network—its function, vulnerabilities, and risk status. It’s also crucial to be aware of every third-party organization in your supply and value chains that connects to your network. Supply chain attacks are increasingly common today.
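The visibility the section calls for is, in practice, a reconciliation: what you believe is on the network (the asset inventory, with each asset's function, owner and vulnerability status) against what a passive sensor or firewall log actually sees. The script below is an added example, not code from the article or from OPSWAT; the inventory, the flow records, the OT address range and the vendor range are all constructed sample data, and the vulnerability identifier is a placeholder. It flags OT endpoints nobody has recorded, third-party connections reaching into the OT segment, and then rates each known asset by whether it is both unpatched and reachable from an untrusted source.

```python
"""Reconcile observed network flows against an ICS asset inventory.

Added example (not the article's or OPSWAT's code). All data below is
constructed; addresses use private/documentation ranges.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

OT_NETWORK = ip_network("10.20.0.0/16")          # assumed OT segment
THIRD_PARTY_RANGES = {                           # assumed vendor ranges
    "Vendor-A remote support": ip_network("203.0.113.0/24"),
}


@dataclass
class Asset:
    ip: str
    function: str
    owner: str
    open_vulns: List[str] = field(default_factory=list)  # placeholder ids
    patched: bool = True


# Constructed inventory: what the organisation believes is on the OT network.
INVENTORY: Dict[str, Asset] = {
    a.ip: a for a in [
        Asset("10.20.1.10", "PLC, boiler line 1", "Plant engineering",
              open_vulns=["VULN-PLACEHOLDER-1"], patched=False),
        Asset("10.20.1.11", "HMI workstation", "Plant engineering"),
        Asset("10.20.2.5", "Historian server", "IT/OT integration"),
    ]
}

# Constructed flow records (src, dst, dst_port) as a sensor would report them.
OBSERVED_FLOWS: List[Tuple[str, str, int]] = [
    ("10.20.1.11", "10.20.1.10", 502),      # HMI -> PLC over Modbus, expected
    ("10.20.2.5", "10.20.1.10", 502),       # historian polls the PLC, expected
    ("10.20.3.77", "10.20.1.10", 502),      # device not in inventory talks Modbus
    ("203.0.113.45", "10.20.1.11", 3389),   # vendor range reaching the HMI
]


def third_party_name(ip: str) -> Optional[str]:
    """Return the vendor label for an address inside a known third-party range."""
    addr = ip_address(ip)
    for name, net in THIRD_PARTY_RANGES.items():
        if addr in net:
            return name
    return None


def unknown_ot_endpoints(flows=OBSERVED_FLOWS, inventory=INVENTORY) -> List[str]:
    """OT-segment addresses seen in traffic but absent from the inventory."""
    unknown = set()
    for src, dst, _ in flows:
        for ip in (src, dst):
            if ip_address(ip) in OT_NETWORK and ip not in inventory:
                unknown.add(ip)
    return sorted(unknown)


def third_party_connections(flows=OBSERVED_FLOWS) -> List[Tuple[str, str, str, int]]:
    """Flows from a known third-party range into the OT segment."""
    hits = []
    for src, dst, port in flows:
        name = third_party_name(src)
        if name and ip_address(dst) in OT_NETWORK:
            hits.append((name, src, dst, port))
    return hits


def risk_report(flows=OBSERVED_FLOWS, inventory=INVENTORY) -> Dict[str, dict]:
    """Rate each inventoried asset: high if unpatched AND reached by an unknown
    or third-party source, medium if only one of those holds, low otherwise."""
    unknown = set(unknown_ot_endpoints(flows, inventory))
    exposed_targets = {dst for src, dst, _ in flows
                       if src in unknown or third_party_name(src)}
    report = {}
    for ip, asset in inventory.items():
        unpatched = bool(asset.open_vulns) and not asset.patched
        exposed = ip in exposed_targets
        level = ("high" if unpatched and exposed
                 else "medium" if unpatched or exposed
                 else "low")
        report[ip] = {
            "function": asset.function,
            "owner": asset.owner,
            "unpatched_vulns": list(asset.open_vulns) if unpatched else [],
            "exposed_to_untrusted": exposed,
            "risk": level,
        }
    return report


if __name__ == "__main__":
    print("Unknown OT endpoints:", unknown_ot_endpoints())
    print("Third-party connections:", third_party_connections())
    for ip, entry in risk_report().items():
        print(ip, entry["function"], "->", entry["risk"])
```

On the constructed data the unrecorded device 10.20.3.77 is the only unknown OT endpoint, the vendor session to the HMI is the only third-party connection, and the unpatched PLC that the unknown device talks to is the one asset rated high. In a real deployment the inventory would come from your CMDB or OT asset-discovery tool and the flows from a network sensor or firewall export; the reconciliation logic stays the same.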

2. Strengthening our people

The external threat actor often dominates headlines, but many system compromises begin with credentials stolen from legitimate users, which is why internal factors deserve equal scrutiny. This time, your focus is not on software and hardware assets, but on human ones. Insider threats come in various forms. Disgruntled employees with the right network privileges can inflict significant damage, but so can loyal, unwitting staff members. Therefore, employee awareness and training are vital for protecting critical systems.

When coupled with zero-trust security measures, you establish a robust foundation. Make sure employee training and awareness programs are customized to your specific environment. Educate your employees on how their daily routines intersect with cyber vulnerabilities and how they can contribute to the solution by adhering to basic cyber hygiene practices. Enhance these lessons by presenting industry-specific scenarios and threat vectors. Effective awareness sessions can cultivate a culture of cybersecurity vigilance.

3. Streamlining our workflows

Our web applications facilitate the sharing and transferring of critical documents. However, spreadsheets, PDFs, and other file types can unwittingly serve as carriers for malware. This can lead to significant harm when an attacker moves laterally from an initial account to one with more extensive privileges. Adhering to regulatory guidelines helps ensure your organization aligns with industry standards and legal requirements. Interestingly, regulatory frameworks often mirror best practices. Therefore, compliance is frequently the most effective defense against malware hidden in everyday documents.

4. Staying ahead of cybercriminals

The sophistication of modern threat actors, who now have access to AI among other tools, is frequently discussed. Initial malware drops are often just the beginning of a campaign to find a critical vulnerability to exploit. Organizations in critical infrastructure need actionable threat intelligence to stay a step ahead of their adversaries. Investing in the latest technologies and processes, such as sandboxing and advanced malware analysis, is essential. If you’re constantly playing catch-up, you’ll never be able to prevent crises; by the time you identify the threat, the damage may have already been done.

A key component of staying informed is collaboration and information sharing. Industries must encourage pooling resources and join forces with relevant authorities. Information sharing and analysis centers (ISACs) and other forums can be instrumental in keeping stakeholders informed about emerging threats and vulnerabilities within ICS environments.

Adapting to survive

We find ourselves in a continuous battle of adaptation against threat actors. The entities that remain standing will be those that adapt most effectively. They will have established comprehensive visibility systems, ingrained a culture of cyber awareness, embraced best practices for managing daily files, and collaborated with every available ally to forge a cybersecurity posture for the future. Critical infrastructure organizations are distinct from other enterprises; their downfall could bring entire sectors of the economy down with them. It is hoped that in the coming year, ICS security will receive the comprehensive overhaul it so urgently requires.

Sertan Selcuk is OPSWAT’s Vice-President for Middle East, Turkey, Africa, and Pakistan & Commonwealth of Independent States.

The opinions expressed are those of the author and may not reflect the editorial policy or an official position held by TRENDS.
