Vulnerabilities in our Infrastructure: 5 Ways to Mitigate the Risk
Excluding the financial services industry, there were 649 breaches reported on and analyzed for the 2018 Verizon Data Breach Investigations Report (DBIR)in industries that are considered part of infrastructure verticals. These include utilities, transportation, healthcare, and others that employ operational technology (OT) systems in addition to traditional IT for their main operations.
In total, that represents 29.2% of reported breaches (not incidents). So, what exactly does that mean?
It means that just because an incident hasn't happened in your infrastructure environment, that doesn't mean it won't happen or that you can postpone or underfund your cybersecurity efforts. No, I don't believe we are facing a "Cyber Pearl Harbor." But I do believe organizations operating both IT and, particularly, OT systems need to put a more conscious effort into securing these systems not only from a security perspective but in terms of quality, safety, and reliability.
Although OT industries face a similar set of problems as traditional IT, the overall application of security programs and technologies is quite different in OT, and there is even more differentiation based on the characteristics of each vertical. That being said, there are best practices in key areas, both technical and organizational, that can help mitigate the risk to infrastructure environments, regardless of the vertical.
Read about the five best practices here.
Recommended For You
It’s time to check your computer network because the bane of many a digital security professional’s existence has returned!
Network security is complex and challenging. If you want to strengthen your network security, never follow these four tips.
In the case of cloud-deployed systems that have exposed our data, that silver lining is that we know more about where and how these breaches occur.
IT and security teams must work together to ensure a company’s entire infrastructure is protected, regardless if workloads are run on-premises or in the cloud.
Intent-based segmentation can interpret business and security requirements and converts that into a segmentation policy that protects and isolates resources.