First things first. In this time of crisis caused by the COVID-19 global pandemic, CyberX wishes our friends, family, customers, and the entire cybersecurity community health and safety. While we at CyberX are in the business of protecting people, production, and profits, when we say we “protect people” we mean we protect them from the physical harm that is caused by attacks on cyber-physical systems (CPS), and we of course leave the topic of protecting oneself from COVID-19 to the experts at the CDC.
Meanwhile the CDC, as we know, recommends social distancing as a means to prevent the spread of COVID-19. Businesses are therefore encouraging or requiring that their employees work from home.
Traditional IT security companies that provide “privileged access management” like our partners at CyberArk are working to fulfill the need to enable secure remote access for your employees and contractors. Government organizations such as CISA in the US are issuing guidelines for securing remote access. In other words, for traditional IT security companies, we are not in “business as usual” mode — trying times require additional measures and work to adhere to the new reality brought on by COVID-19.
The IoT/ICS world, however, is unique. Air gaps between IoT/ICS networks, IT networks, and the internet, which were perhaps common in the past, are disappearing. As businesses react to COVID-19, chaotic actors (“some people just want to watch the world burn”) are stepping up attacks on newly accessible networks and the increased number of workers accessing their workplace remotely. Many chaotic actors are attacking hospitals and research centers themselves — an especially pernicious attempt to slow the collective efforts meant to combat COVID-19.
What can you do? CyberX recommends three courses of action:
- Monitor all remote connections to your IoT/ICS networks and the new lateral movement that might be caused by these remote connections, and alert on new or anomalous connections over RDP, SSH, or VNC that appear on your network. A top attack vector is adversaries accessing your IoT/ICS network using valid credentials stolen from employees or third parties (via phishing, for example). Customers of CyberX already have these alerts enabled by default. If you are not sure whether you have this capability enabled, contact your customer support representative or email us at [email protected] to find out. Our support representatives will determine if you are already protected and enable this feature if you are not. We’ve made this service free to customers while COVID-19 remains a global pandemic.
- Implement secure forms of remote access incorporating modern capabilities like 2FA, audit trails, and password vaults (so that remote access credentials aren’t being shared). These include Privileged Access Management (PAM) solutions from our integration partner, CyberArk, as well as others such as BeyondTrust.
- Ensure that your IoT/ICS security is integrated with the rest of your IT security stack. We can help you integrate with our partner solutions like Splunk, ServiceNow (ticketing and CMDB), IBM QRadar, Microsoft Sentinel, and Microsoft Azure Security Center for IoT, as well as protection solutions such as Fortinet, HP Aruba, Palo Alto, Cisco, and Waterfall. CyberX integrates via APIs with these solutions to streamline and automate your incident response workflows. It’s critical to ensure rapid response in these times with fewer resources on staff.
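The first recommendation, sketched as an added example (this is not CyberX code): build a baseline of known remote-access flows, then alert on RDP, SSH, or VNC connections into or within the ICS network that the baseline has never seen. The subnet, port map, log format, and sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed for this sketch: the ICS subnet and default ports per protocol.
# Port matching is a simplification (VNC, for example, uses 5900 + display).
ICS_NET = ipaddress.ip_network("10.20.0.0/24")
REMOTE_ACCESS_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}

# Constructed flow records: "timestamp src dst dport".
BASELINE = [
    "2020-03-01T08:00:00Z 10.10.5.10 10.20.0.15 3389",  # jump host to eng. station
    "2020-03-01T08:05:00Z 10.20.0.15 10.20.0.40 22",    # eng. station to HMI
]
LIVE = [
    "2020-03-20T09:00:00Z 10.10.5.10 10.20.0.15 3389",  # known, no alert
    "2020-03-20T09:02:11Z 10.10.8.77 10.20.0.15 3389",  # new source into ICS
    "2020-03-20T09:03:40Z 10.20.0.15 10.20.0.50 5900",  # new lateral VNC
    "2020-03-20T09:04:00Z 10.20.0.15 10.20.0.40 502",   # Modbus, out of scope
    "2020-03-20T09:06:00Z 10.10.8.77 10.20.0.15 3389",  # repeat, already alerted
]

def parse_flow(line):
    """Split one constructed flow record into typed fields."""
    ts, src, dst, dport = line.split()
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)

def detect(baseline_lines, live_lines):
    """Return one alert per first-seen remote-access flow touching the ICS net."""
    known = {parse_flow(line)[1:] for line in baseline_lines}
    alerts = []
    for line in live_lines:
        ts, src, dst, dport = parse_flow(line)
        proto = REMOTE_ACCESS_PORTS.get(dport)
        if proto is None or dst not in ICS_NET:
            continue  # not a remote-access protocol, or not aimed at ICS assets
        if (src, dst, dport) in known:
            continue  # seen in the baseline or already alerted on
        # Source inside the ICS net means possible lateral movement;
        # otherwise it is a new inbound remote connection.
        kind = "lateral" if src in ICS_NET else "inbound"
        alerts.append((ts, kind, proto, str(src), str(dst)))
        known.add((src, dst, dport))
    return alerts

if __name__ == "__main__":
    for alert in detect(BASELINE, LIVE):
        print(alert)
```

Because stolen valid credentials produce successful logins, this check keys on who is connecting to what rather than on authentication failures.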
During these challenging times, we’d like to assure you that CyberX support will continue to provide the best support possible.
We have a thorough business continuity plan to ensure support will continue to be provided. We have our teams spread globally and can address most issues remotely. On top of that, you can also contact your Customer Success Manager or e-mail us at [email protected] with any additional queries or concerns you may have.
We recognize that this time might be challenging for your business, and we’ll do everything we can to assist.
Interested in seeing a live technical demo of the CyberX IoT/ICS cybersecurity platform (no travel required)? Join us on Friday, March 27 at 10:30am ET / 15:30 GMT to learn about emerging IoT/OT threats and how to implement sound security practices to reduce risk.