Distant Entry Instrument Sprawl Will increase OT Dangers

Excessive deployment of remote access tools in operational technology environments expands attack surfaces and creates operational challenges, warned security researchers from Claroty.

See Also: From Ancient Myths to Modern Threats: Securing the Transition from Legacy to Leading Edge

>

Claroty’s Team82 reported that after inspecting greater than 50,000 distant access-enabled units reported by clients, it decided that greater than half of organizations use 4 or extra distant entry instruments. One-third deploy six or extra.

Distant entry instruments are important in OT environments the place directors can not at all times bodily handle essential infrastructure. However distant entry introduces quite a few potential vulnerabilities that risk actors exploit. Regardless of safety protocols obtainable to guard these entry factors, Team82’s report suggests many organizations aren’t totally using them.

A transparent majority of organizations use greater than two nonenterprise-grade distant entry instruments. These instruments lack privileged entry administration options resembling session recording, auditing, role-based entry controls and multifactor authentication. The absence of those fundamental security measures will increase danger publicity and creates an operational burden in managing a number of options.

Researchers mentioned that past the shortage of security measures, organizations face elevated assault surfaces because of the overabundance of exterior connections into OT networks. These connections, notably these involving nonenterprise-grade instruments, typically lack visibility, leaving OT directors unaware of exterior exercise. In lots of instances, third-party distributors additionally join to those networks with their distant entry options, additional complicating monitoring efforts.

A number of distant entry options require complicated identification administration processes. Managing permissions and entry controls turns into tougher, typically leading to blind spots in entry rights administration. Such inefficiencies elevate the chance of misconfigurations and exploitation by cybercriminals.

The operational burden of managing a number of distant entry instruments is one other concern, including each complexity and value to OT environments.

Researchers suggest organizations want to ascertain full visibility into their OT networks to grasp what number of distant entry options are in use.

Eliminating or minimizing using low-security instruments, notably these with out essential options resembling MFA, is a essential step to cut back danger, researchers mentioned. Standardizing safety necessities for each inner operations and third-party distributors is essential, additionally they mentioned. A consolidated entry management coverage won’t solely enhance safety but in addition improve operational effectivity by decreasing the variety of instruments wanted.