Ron Brash, Verve Industrial: OT Companies Must Focus on Data Security and Recovery in 2021
This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity.
Ron Brash, Director of Cyber Security Insights, Verve Industrial:
"Vaccine Supply Chain Risk – The COVID-19 vaccine supply chain is complex with suppliers, manufacturers, regulators and distributors involved with sourcing, production, distribution in cold chain, etc. There’s a massive amount of IP in the supply chain, and third-party manufacturers and distribution partners all use different types of security. Attackers could potentially use traditional social engineering methods to penetrate weak links, and then work their way up/down the supply chain to where critical data resides to steal IP or disrupt chain quality. One successful attack creates HUGE public concern over vaccine credibility, not to mention the ensuing battle over global delivery. (Note: this is also applicable to the PPE supply chain – e.g., pulp and paper mills that supply 3M with raw materials, etc.)
Attacks on Cloud Infrastructure – As many organizations move to Azure for AD/MFA, there becomes an intrinsic relationship where resources (wherever they are) require authentication and access control. Unfortunately, it’s possible that an outage may be triggered and the organization will be unable to function. Of course, this should be a well-defined procedure, and one that should be “fire drilled” on a regular basis. However, practicing for such an event is highly unlikely given the state of most organizations’ governance and training maturity.
Operational Technology (OT) Sector M&A and Divestiture – While not new business activities, they frequently occur when an economic crisis rears its head and puts industrial automation environments into further security chaos; projects are upended, and there’s personnel upheaval, changing budgets, and more. This could be capitalized on by “bad actors” or “opportunistic criminals” (or others). So industrial organizations should ensure their security and recovery strategy is well-tested and their teams can quickly address/thwart any chance of disruption. Shareholders and companies watching their profits likely won’t be able to weather more economic impact in 2021; they may be looking to this next year as a recovery period."