Page 76 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
P. 76
1. New Trends in Political Warfare
Advanced cyber weaponry has redefined the current political landscape, making it easier for
cybercriminals operating within countries like Russia, to cripple entire organizations from overseas. The
Russia-Ukraine crisis is already impacting the daily lives of Americans in various ways, including the
spiking of gas prices.
But it could get so much worse. Hackers are no longer focused on size or scope, and every organization
is at risk. Cyber related sabotage may or may not be reserved for individual businesses. Instead, poorly
designed and executed malware or ransomware could affect all aspects of the U.S. including all aspect
of our critical infrastructure, e.g. banks, power plants, water treatment facilities and communications. We
are entering an entirely new era of war, where weapons leave the physical domain and enter the digital,
unseen, and behind-the-scenes attacks that will go unnoticed without the proper protections.
2. The Cybersecurity Labor Shortage is Real
The global cybersecurity talent shortage reached an estimated 3.5 million workers in 2021. Industry
experts warned of this dynamic for the past several years; however, the demand for skilled workers
continues to outstrip supply. Coupled with a growing threat landscape, asset owners are at risk.
For OT environments, the talent shortage is further impacted by managed services providers that have
focused on the IT side of the house. They offer IT cybersecurity services, but they lack an understanding
of and the right capabilities for protecting OT. Firms often don’t understand OT environments, how they
work, and how to restore them after an attack. They have limited knowledge of industrial control systems
and other similar technologies. Many of these managed services vendors also “don’t know what they
don’t know,” and tell companies they can help them with IT and OT, despite their knowledge gaps.
These firms need to stop stating they have these capabilities. People will realize it’s a serious industry
problem that requires OT specialization and expertise. However, in the current environment, OT
cybersecurity experts are hard to find, can be prohibitively expensive, and are difficult to retain. With OT-
focused managed security services, critical infrastructure companies can manage their risk better while
remaining focused on their core missions.
3. Security Loopholes Are Common
Inherent software vulnerabilities allow for more data flow and connections, which correlates to attacks.
This makes the stakes for identifying OT security headaches and diminishing risks extraordinarily high.
OT security isn’t just an internal concern, relegated to the halls of individual organizations. It’s a national
consideration. In April 2021, the White House unveiled a 100-day cybersecurity effort to protect the
nation’s power grid amidst increasing concerns regarding the state of the nation’s cybersecurity
vulnerabilities. The effort was followed by an attack on a major oil resource, the Colonial Pipeline, further
emphasizing the need for increased provisions. Repercussions of the hack were widespread, as The
76