ICS networks and IT networks are becoming increasingly entangled (or more politely, “converging”). Workstations and servers on ICS networks that run standard IT operating systems, such as Windows, are becoming more and more common. Unfortunately, and as many ICS operators are all too aware, these changes are making ICS networks more vulnerable than ever to hacking, especially malware and ransomware attacks.
From flawed operating systems to exploitable digital rights management, the track record of digital ICS development has demonstrated that these vulnerabilities are not going away any time soon. However, the latest rash of NotPetya and WannaCry ransomware proved that, though cyberattacks against ICS are certainly not slowing down, simply patching systems and device applications can go a long way toward preventing them. These two attacks relied on the EternalBlue NSA exploit – a security flaw within multiple versions of the Windows operating system – to infiltrate and lock down vital systems, charging a ransom to get them unlocked.
The patches to remediate all of these vulnerabilities and prevent these attacks were already available months before they took place. So why didn’t many major organizations patch their vulnerable systems? The reasons are varied, but the question remains – What if you can’t patch?