Businesses should have greater visibility into what IoT/OT devices they have and how they’re communicating, so they can implement tighter network segmentation policies that make it harder for attackers to freely navigate within their networks, says Omer Schneider, CEO and co-founder of CyberX.
How did your background lead to co-founding CyberX? What made you interested in creating a company that focused on industrial security?
My co-founder, Nir Giller, and I spent many years in the military managing day-to-day security operations and developing new products to secure our critical national infrastructure. We understood back in 2012 that smart connected IoT devices were going to dominate the technology landscape, and now we see predictions that some 50 billion IoT devices will soon be deployed worldwide. Because these connected devices can’t be protected by agent-based technologies — and are often unpatched or misconfigured — they can easily be compromised by adversaries to pivot deeper into corporate and industrial networks to cause safety and environmental incidents, steal intellectual property and trade secrets, conduct ransomware attacks to shut down factories, and siphon CPU resources for DDoS botnets and cryptojacking.
How has securing critical infrastructure and industrial businesses changed since you first began CyberX?
Boards and management teams are now much more aware of the risks. They’re asking CISOs questions about the current risk posture of their plants, and they’re concerned about financial losses due to downtime, as we saw last year when aluminum manufacturer Norsk Hydro lost more than $70 million due to lost production. Other high-profile attacks have also raised awareness of the business risk, such as NotPetya which caused major losses for global manufacturing and logistics companies, and the TRITON attack on the safety systems of a petrochemical facility. And Microsoft recently discovered a campaign that compromises Voice over IP (VoIP) phones and wireless printers to gain access to corporate networks. Corporate liability is now being discussed as a real concern, because firms that don’t deploy appropriate security- and safety-related controls could run into liability issues in the case of a safety or environmental incident.
We’re seeing a lot of talk about the convergence of IT and OT. Can you explain that a bit more and what it means for CISOs?
By collecting more real-time intelligence from the plant floor, IoT brings a lot of business benefits including higher efficiencies and cost savings. For example, manufacturers are now using data-driven analytics to perform predictive maintenance and improve the reliability of expensive capital equipment. But IoT also means deploying lots of new sensors (such as vibration and temperature sensors) to capture real-time data. It also means greater connectivity between IT and OT networks — and the cloud — that never existed before, which is where the “convergence” comes from. As a result, the risk is increased because the attack surface has increased and we now have many more entry points for attackers.
So the convergence of IT and OT also requires CISOs to implement unified security monitoring and governance across IT, IoT, and OT. When plants go down, it affects everyone in the organization, and CISOs are now being held accountable for OT security and IoT security as well as for corporate IT security.
What do you anticipate to be the biggest threats for businesses in 2020? How should they prepare?
We’re going to be seeing a lot more attacks directed at IoT devices — because they’re essentially soft targets. Businesses should prepare by gaining greater visibility into what IoT/OT devices they have and how they’re communicating, so they can implement tighter network segmentation policies that make it harder for attackers to freely navigate within their networks. They also need to understand their IoT risks and vulnerabilities. They should implement continuous threat monitoring to quickly identify any anomalous or unauthorized behavior so they can stop adversaries during the early reconnaissance phases of an attack, before they can do any significant damage. And finally it also needs to come together in their existing Security Operations Centers (SOCs) where IoT/OT security should be integrated with existing IT security workflows and tools such as Splunk and IBM QRadar.
With the cybersecurity market booming, what makes CyberX stand out?
We’ve gained a reputation for being fast and easy to deploy — which is particularly important when the board and auditors are breathing down your necks. We also have the industry’s only patent for behavioral analytics and machine learning algorithms specifically designed for IoT/OT, which helps our clients detect threats faster and with more accuracy. Our platform has been deployed in some of the largest and most complex environments across the Global 2000, which has enabled us to continuously enhance it to meet real-world client needs as well as to gain a deep understanding of the best practices that are essential for successful projects. We recently announced we’re working with Microsoft and have integrated our platform with the Azure Security Center for IoT. Also, the emergence of 5G networks will significantly increase the number of IoT devices connected to corporate networks and the cloud, further increasing the need for scalable and robust IoT security.
If industrial organizations were to leave with one piece of advice from reading this, what would it be?
Cyber risk equals business risk. This is especially true for industrial organizations that rely on their plants to generate revenue and meet customer demand. So be proactive — make sure your teams have the right resources, budgets, and top-down mandates to secure the critical industrial infrastructure upon which we all depend.
Omer Schneider is CEO and co-founder of ICS/IoT cybersecurity firm CyberX. He has an incredible background in cybersecurity with the Israeli Defense Forces (IDF) and his work as a contributing member of the Industrial Internet Consortium (IIC). Omer co-founded CyberX following a longtime military career with the IDF, in which he headed operations and R&D for an elite cybersecurity unit responsible for critical national infrastructure, and was also a member of the Israeli national cyber security initiative.