CPO Magazine, a website that reports on cybersecurity issues, recently published this story about the increasing risk to industrial networks.
According to a new report by Mandiant Threat Intelligence, a company that sells cybersecurity systems and provides insights on threat levels, industrial cybersecurity systems are seeing an increase in attacks from low-level hackers.
Industrial operational technology (OT) systems include: control systems, building management systems, fire control systems and physical access control systems. Hackers are focusing on them because these types of systems, which bridge infrastructure to the internet, are often not protected by cybersecurity and are simply left out in the open, making them easy pickings.
It's not that control systems have much value, but that they are easy to infiltrate, making them low-hanging fruit, the report states.
Watch a video about the types of threat intelligence:
"The Mandiant report examines not just cyber attacks that consist of ransomware delivered via a compromised employee account, but also those that escalated to the ability to directly control elements of OT systems," the article states. "Some of the attackers actually interacted with the systems in some way, while others have been found selling direct access to these components."
The main point? Industrial-level building systems are not secure, are connected to the internet and even low-level hackers are taking advantage. Most industrial building systems are unable to use advanced cybersecurity systems, because those systems don't meet certain protocols and standards. This security vulnerability could result in severe damage to buildings across the U.S.
One security expert suggests, "Securing the data that traverse OT networks requires the use of cryptography technology that can work with legacy systems and provide enhanced encryption and user authentication for all access vectors, all while complying with standards and regulations."
Read more here.