Over-Deployment of Tools Raises Security and Operational Concerns
Excessive deployment of remote access tools in operational technology environments expands attack surfaces and creates operational challenges, warned security researchers from Claroty.
Claroty’s Team82 reported that after examining more than 50,000 remote access-enabled devices reported by customers, it determined that more than half of organizations use four or more remote access tools. One-third deploy six or more.
Remote access tools are essential in OT environments where administrators cannot always physically manage critical infrastructure. But remote access introduces numerous potential vulnerabilities that threat actors exploit. Despite security protocols available to protect these access points, Team82’s report suggests many organizations are not fully utilizing them.
A clear majority of organizations use more than two nonenterprise-grade remote access tools. Those tools lack privileged access management features such as session recording, auditing, role-based access controls and multifactor authentication. The absence of these basic security features increases risk exposure and creates an operational burden in managing multiple solutions.
Researchers said that beyond the lack of security features, organizations face increased attack surfaces due to the overabundance of external connections into OT networks. These connections, particularly those involving nonenterprise-grade tools, often lack visibility, leaving OT administrators unaware of external activity. In many cases, third-party vendors also connect to these networks with their remote access solutions, further complicating monitoring efforts.
Multiple remote access solutions require complex identity management processes. Managing permissions and access controls becomes more challenging, often resulting in blind spots in access rights management. Such inefficiencies raise the risk of misconfigurations and exploitation by cybercriminals.
The operational burden of managing multiple remote access tools is another concern, adding both complexity and cost to OT environments.
Researchers recommend that organizations establish full visibility into their OT networks to understand how many remote access solutions are in use.
Eliminating or minimizing the use of low-security tools, particularly those without critical features such as MFA, is a necessary step to reduce risk, researchers said. Standardizing security requirements for both internal operations and third-party vendors is crucial, they also said. A consolidated access control policy will not only improve security but also enhance operational efficiency by reducing the number of tools needed.