Claroty: VPN Vulnerabilities Endanger OT Networks
… less comprehensive than the stringent role- and policy-based administrative controls and monitoring capabilities required to secure OT remote access connections and minimize the risks introduced by employees and third parties. Organizations need to evaluate remote access solutions that support the full spectrum of needs and use cases required for OT network administrators.
CF: What can MSSPs and other cybersecurity providers do to help protect organizations from these types of threats?
NE: First of all, patch! The vendors did an amazing job of providing patched/fixed versions, so customers are encouraged to find and patch any vulnerable product and software. That said, we would also suggest monitoring the remote access solution for any abnormal activity. Remotely authenticated users are better than unknown sources accessing your network. But you should always monitor your users’ activity for abnormal behavior. This approach is important, especially with this grade of remote access solutions that provide access to critical OT networks.
CF: Are we likely to see more of these types of VPN vulnerabilities as work from home continues? If so, why?
NE: Yes. In recent weeks we have seen numerous vulnerabilities published on popular remote access solutions. We expect that in the COVID-19 reality of working from home, the increased use of these platforms will drive increased interest both from the operational side, as they become more process-critical, and from the security side, as they become more common. Denial-of-service (DoS) attacks on these components of the enterprise infrastructure could potentially emerge as a new tactic used by financially motivated attackers.
Netwrix: IT Skills Shortage Shifting Organizations’ Priorities
A new report by Netwrix shows a majority of organizations remain concerned about security-related matters, but now have to do more with less.
The 2020 Netwrix IT Trends Report: Reshaped Reality summarizes feedback from more than 900 IT professionals worldwide about the projects they are planning for the rest of the year. The online survey looks at organizations’ changing IT priorities since a similar survey late last year.
At the end of 2019, data security was the No. 1 priority and it remains there now. Three in four (76%) organizations name it as one of their IT projects for the rest of 2020.
Network security tied for the top slot due to the rapidly growing remote workforce. Education of IT staff has increased from 19% to 31%. That suggests organizations are struggling to address these key concerns amid the global IT skills shortage.
Cloud migration and innovative IT projects quickly became less important for most organizations during these uncertain times.
Other survey findings include:
- One in three (36%) respondents plans to prioritize investment in automation of IT tasks.
- Interest in cybersecurity awareness remains high, with just over half of respondents listing it as a priority in both surveys.
- Thirty-eight percent of CIOs and IT directors now plan to invest in IT personnel education. Pre-pandemic, only 20% had it among their top five priorities.
- Only one in four (25%) organizations in the United States plan to focus on cloud migration projects. That’s down from 40% pre-pandemic.
- More than one in four (28%) respondents will prioritize digital transformation. However, interest varies a great deal by sector. For example, interest by public institutions has more than doubled.
- The previous survey found only a few organizations were going to focus on AI projects, and that number is even lower now.
Ken Tripp is Netwrix’s director of channel accounts.
“The survey revealed many organizations struggle to withstand the ever-growing cyber threats, with so many employees working remotely. That is why network and data security are the major priorities,” he said. “What has changed is …