One Article Review
| Source |  AlienVault Lab Blog |
|---|---|
| Identifiant | 8388256 |
| Date de publication | 2023-09-27 10:00:00 (vue: 2023-09-27 10:07:22) |
| Titre | Combiner la sécurité et la sécurité des OT pour une gestion des cyber-risques améliorée Combining IT and OT security for enhanced cyber risk management |
| Texte | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Integrating IT and OT security for a comprehensive approach to cyber threats in the digital age. Historically, IT and OT have operated in separate worlds, each with distinct goals and protocols. IT, shaped by the digital age, has always emphasized the protection of data integrity and confidentiality. In this space, a data breach can lead to significant consequences, making it crucial to strengthen digital defenses. On the other hand, OT, a legacy of the Industrial Revolution, is all about ensuring machinery and processes run without interruptions. Any machine downtime can result in major production losses, making system availability and safety a top priority. This difference in focus has created a noticeable cultural gap. IT teams, often deep into data management, might not fully grasp the real-world impact of a stopped production line. Similarly, OT teams, closely connected to their machines, might not see the broader impact of a data breach. The technical challenges are just as significant. OT systems are made up of specialized equipment, many from a time before cybersecurity became a priority. When these older systems connect to modern IT networks, they can become weak points, open to today\'s cyber threats. This risk is even higher because many OT systems use unique protocols and hardware. These systems, once isolated, are now part of more extensive networks, making them accessible and vulnerable through different points in an organization\'s network. Additionally, common IT tasks, like updating software, can be more complex in OT. The equipment in OT often has specific requirements from their manufacturers. What\'s standard in IT can become a complicated task in OT because of the particular nature of its systems. Combining IT and OT is more than just a technical task; it\'s a significant change in how companies see and manage risks. From the physical risks during the Industrial Revolution, we\'ve moved to a time when online threats can have real-world effects. As companies become part of bigger digital networks and supply chains, the risks increase. The real challenge is how to unify IT and OT security strategies to manage cyber risks effectively. The imperative of unified security strategies According to a Deloitte study, a staggering 97% of organizations attribute many of their security challenges to their IT/OT convergence efforts. This suggests that the convergence of IT and OT presents significant challenges, highlighting the need for more effective security strategies that integrate both domains. Steps to integrate IT and OT security: Acknowledge the divide: The historical trajectories of IT and OT have been distinct. IT has emerged as a standardized facilitator of business processes, while OT has steadfastly managed tangible assets like production mechanisms and HVAC systems. Therefore, the first step towards a unified front is recognizing these inherent differences and fostering dialogues that bridge the understanding gap between IT and OT teams and leaders. Develop a unified security framework: Optimized architecture: Given the distinct design principles of OT, which traditionally prioritized isolated operations, it\'s crucial to devise an architecture that inherently safeguards each component. By doing so, any vulnerability in one part of the system won\'t jeopardize the overall network\'s stability and security. Regular vulnerability assessments: Both environments should be subjected to periodic assessments to identify and address potential weak links. Multi-factor authentication: For systems pivotal to critical inf |
| Envoyé | Oui |
| Condensat | abnormalities about access accessible according acknowledge actionable adding additionally address adopt advanced age agile align all always anomalies anomaly any approach architecture architecture: are article assessing assessments assessments: assets associated at&t attribute authentication authentication: author availability became because become been before behaviors better between bigger blueprint bolster both breach breaches bridge broader build business can cater cause chains challenge challenges change chief ciso closely collaboration collaborative combining common companies complex complicated component comprehensive conclusion confidentiality connect connected consequences content continuous continuously convergence created critical cross crucial cultural cyber cybersecurity daily data deep deeper defenses defined deloitte deploying design despite detailing detection detection: deter develop devise dialogues difference differences different digital distinct divide: does doing domains downtime during dynamic each effective effectively effects effort efforts emerged emerging emphasized endorse enhanced enough ensure ensuring environments equipment equipped especially essential evaluate: even event ever evolve evolving extensive face facilitator factor features first focus foster fostering framework: from front fully functions future gap given goals grasp hand handling hardware harm has have higher highlighting hint historical historically holistic how hvac identify identifying impact impacting imperative implement implemented implementing incident increase industrial information infrastructure inherent inherently initiatives integrate integrating integration integrity interruptions introspect investing isolated it/ot its jeopardize just knowledge known landscape layers lead leaders legacy leveraging like line links losses machine machinery machines made major making manage managed management management: manufacturers many measures mechanisms might modern monitoring more moreover moved multi must nature need network networks neutralized new not noticeable now offer officer often older once one online open operated operation operations optimized organization organizations other overall paramount part particular patch patches patterns periodic physical pivotal place points positions post potential practical presents primary principles prioritized priority processes production professionals proficiency promoting protect protection protocols protocols: provided readiness: real recognizing regular remote require requirements resilience resilient response responsibility result revolution right risk risks robust robustness run safeguards safety secure security security: see separate sessions shaped should significant similarly skilled skills software solely solutions solutions: space specialized specific stability staggering standard standardized steadfastly step steps stopped strategies strengthen strengths strong stronger structured structures study subjected such suggestive suggests supply support swift system systematic systems tackle taken tangible task task; tasks team teams technical than them therefore these threat threats through time today tools top towards traditionally training training: trajectories understand understanding unified unify unique updates updating use views vulnerabilities vulnerability vulnerable weak well what when whether which without won world worlds |
| Tags | Data Breach Tool Vulnerability Threat Industrial |
| Stories | Deloitte |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.