A new survey released by Barracuda Networks Inc. has found organizations struggle to protect operational technology and are being hacked as a result.
The report. titled “The State of Industrial Security in 2022” was conducted by independent market researcher Vanson Bourne and included 800 participants, including senior IT security managers. The research found that 93% of the responding companies had experienced failed industrial Internet-of-Things or operational technology security projects.
“People are realizing that they’re not just trying to secure laptops and devices,” said Tim Jefferson (pictured left), Barracuda’s senior vice president of data, network and application security. “Now it’s refrigerators and robots and production halls. That is a huge increase in area. So many different devices, things and objects are now being connected, and it’s a huge challenge for security teams to take care of it.”
Jefferson spoke with theCUBE industry analyst John Furrier of AWS re:Inforce during an exclusive broadcast on SiliconANGLE Media’s live streaming studio, theCUBE. He was joined by Sinan Eren (pictured right), Vice President of Zero Trust Engineering at Barracuda, and they discussed the challenges of securing industrial networks and Barracuda’s focus on Zero Trust at the edge. (*Disclosure below.)
Barracuda’s survey and focus on industrial IoT and operational technology highlights an important part of the cybersecurity challenge. Industrial and operational systems, such as oil and gas pipelines or utilities, provide vital services to tens of millions of people every day. Any disruption, like the attack on the Colonial Pipeline in 2021, will be widely felt.
“We’re talking about industrial engineering here,” Eren said. “Life depends on these technologies.”
The company has over 200,000 customers worldwide and offers email, data, application, cloud and network security protection. Barracuda solutions include remote access and security protections for Secure Access Service Edge.
“You end up taking control and migrating them to the cloud,” Jefferson said. “Ultimately, this creates a great opportunity to adopt security best practices that have been difficult to implement in legacy architectures, namely the ability to take your controls to the edge as much as possible. It’s the thing edge, device edge, user edge.”
One of the challenges in industrial and operational security is assigning identities in environments where users and automation hardware are combined to provide services. This requires a concerted focus on Zero Trust Network Access (ZTNA) to provide a higher level of security.
“The old notion of being able to place control and rules based on network constructs doesn’t really scale anymore,” Eren noted. “You need this concept of another level of abstraction of identity that belongs to a service, that belongs to an application, that belongs to a user, that belongs to hardware. Essentially, identity will operationalize zero trust and much more secure access in the future.”
Barracuda provides enterprise backup services and has found that an increase in ransomware attacks has coincided with attacks on backup files. Deleting critical backup information gives attackers greater leverage to convince victims to pay ransom.
“They break into management levels, look at control frameworks, and the first thing they do is delete the backups,” Jefferson said. “We have been running this service for over a decade and historically the number of ransomware escalations we have received has been very small. This has now been routine for us for the past 18 months; we deal with that every day.”
Here is the full video interview, part of SiliconANGLE and theCUBE’s coverage of the AWS re:Inforce event:
(*Disclosure: Barracuda Networks Inc. sponsored this segment of theCUBE. Neither Barracuda nor any other sponsors have editorial control over the content on theCUBE or SiliconANGLE.)