Member content from Subex
By Damon Acton
With each passing day, hackers become more sophisticated and stealthy, and we all know that cyberattacks are evolving faster than ever before. This is why every week we hear about a new company falling victim and losing data as fallout from a malicious exploit. Security teams have to strike a balance between budgetary, risk, and ease of use priorities while keeping their companies safe. This is a battle of wits, strategies, and tactics.
As we look specifically at Smart Cities we come across connected devices enabled by the Internet of Things (IoT) that are often unsecured and operate with little or no standards. From a cybersecurity standpoint, this translates into an easy entry point for hackers and malware developers to gain access and move laterally to the core and peripheral systems where they will steal data and wreak havoc.
Since smart cities run their critical systems including water treatment plants, pipelines, transportation, road safety, waste management, and utilities through connected and semi-connected systems, securing OT and SCADA-based critical infrastructures becomes a tough proposition.
The number of devices, network configurations, security implementations, exploits, and industry noise can make it confusing to fully understand what is going on. As such, we’ll help provide some clarity in this article by highlighting key concerns and giving some high-level recommendations to improve the security posture of your connected Smart City.
Throughout 2020 there was a more than 300% increase in attacks globally, with a 44% increase in attacks focused on Smart Cities. While malware from unknown sources has risen over 30%, 2020 ushered in a huge increase in ransomware and crypto-mining malware. This trend speaks to the monetization efforts and priorities of the actors associated with these cyber-attacks. The other main and alarming trend to call out is the massive increase in Advanced Persistent Threats (APTs) or state-sponsored hacker groups coordinating targeted attacks with freelance and other established hacker groups. In short, moving forward Smart Cities have to combat sophisticated actors working through global networks that are backed by global coordination to monetize hacking exploits. Not an easy feat.
With the average number of days to detect a cyber-attack hovering somewhere around 165, what can be done?
Let me break it down for you:
- What Do I Have? First, you need an accurate and real-time picture of your connected devices, your network, and how everything is linked. 95% of the customers we work with underestimate the number of connected devices that reside in their network or don’t know that a device is connecting to other areas of the network.
- What’s My Risk Level? Knowing about the hundreds or thousands of connected devices is great. But without knowing what type of exploits exist for those devices, you cannot even begin imagining the cyber risk management effort needed. The majority of the IoT devices we run into have older and out-of-date firmware that is open to attack. You should know about that and look to correct it. Maybe you should think about a penetration test as well to find out about your network weaknesses before it’s too late.
- Take Action. After you know what’s out there and what your risk level is, you need to take action to close those loopholes. Actively get a pulse on your network elements to figure out if an attack is already ongoing and shut it down. You’d be surprised how many clients we talk to have an attack ongoing but have no clue about it. Afterward, apply some type of micro-segmentation to confine hackers that do get in and prevent them from moving laterally within your network. Reduce that network attack surface and strengthen your compliance posture.
- Baseline Check… Now, get advanced. Once you have an understanding of where things sit today and have eliminated any current risks, where do you go now? Look at implementing a real-time threat intelligence feed that specializes in IoT devices. Take advantage of newer trends like machine learning (ML), artificial intelligence (AI), synergies with IT/IoT networks, and automation to continuously improve your security posture.
- Confused? Lean on a vendor to run an entire managed service or Security Operations Center (SOC) to alert you and take necessary action if there is an issue with or an attack on your network/infrastructure. Ask questions! You aren’t in this alone.
Act now
Smart Cities must leverage IoT-connected devices in order to grow and scale, but don’t let that be the Achilles heel in your network. As IoT and IT network lines blur and the massive rise in the number of new risks that plague our industry continues, we need solutions to these problems that are just as innovative and comprehensive. Action must be taken, and quickly, because it’s no longer a matter of if you’ll be hacked, but when. Don’t wait till a breach occurs to act.
Not sure where to start, have questions, or just want to talk about some of the latest trends that impact our industry? Give me a shout!