Time to Rethink Your VPN: A Gateway for Vulnerabilities

With remote working on the rise, cybercriminals have revved up their antics. Enterprises in the Asia-Pacific region experienced a 168% year-on-year increase in cyberattacks in May 2021.¹ Foreign bad actors routinely exploited unpatched Virtual Private Networks (VPNs) in 2020, according to the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). This is alarming, as VPN was not among the top 10 common vulnerabilities and exposures (CVEs) from 2016-2019.²

While the IT arena may be more attuned to remote working, it's a different story for the Operational Technology (OT) industry, which often requires personnel on-site to safeguard Industrial Critical Systems (ICS) like power grids, electrical utilities, and oil and gas facilities. With successful attacks capable of bringing entire organizations to their knees, dispersed OT teams require ever-secure access to OT environments to swiftly respond to potential disruptions.

Not Created Equal: IT versus OT Remote Access Requirements

Despite the increasing IT/OT convergence, many enterprises fail to realize the vast differences in IT and OT remote access requirements. While staff in IT environments can largely work remotely once equipped with collaborative tools, OT environments grapple with more complexities to ensure effectiveness while working remotely:

Critical need to keep the lights on to ensure business continuity, especially for OT environments classified as Critical Information Infrastructures (CIIs)

Significant reliance on the highly specialized skills of equipment manufacturers, remote operators or contractors for on-site monitoring, diagnosis and operation of capital-intensive assets

Today's turbulence requires the urgent review of critical security and risk strategies to address both IT and OT cybersecurity holistically.