The cybersecurity risks associated with the widespread use of remote access tools in operational technology (OT) environments have been highlighted by research from Team82’s Claroty.
Description
The study reveals that many organizations have deployed non-enterprise-grade tools on OT network devices [1], lacking essential security features such as role-based access controls [3], multi-factor authentication [1] [2] [3] [4], and auditing capabilities [3]. This tool proliferation not only expands the attack surface but also presents challenges for OT network administrators and security personnel in terms of visibility and identity management. The risks are further compounded when third-party vendors utilize their own remote access solutions. The report stresses the importance of reducing reliance on low-security tools like TeamViewer and AnyDesk, implementing centralized management and security controls [4], and adopting enterprise-grade security measures like multi-factor authentication and privilege access management to defend against potential compromise and disruptive attacks by nation-state actors and criminal hackers. The findings underscore the necessity for organizations to regulate the use of remote access tools in OT environments, enforce security standards throughout the supply chain, and address operational concerns such as increased expenses and decreased monitoring efficiency [3].
Conclusion
Organizations must take immediate action to address the cybersecurity risks associated with remote access tools in OT environments. By implementing centralized management and security controls [4], adopting enterprise-grade security measures [4], and regulating the use of remote access tools, they can defend against potential compromise and disruptive attacks [4]. Failure to do so may result in severe consequences, including financial losses, reputational damage, and operational disruptions.
References
[1] https://www.processonline.com.au/content/software-it/news/too-many-ot-remote-access-tools-a-cybersecurity-risk-report-1535465918
[2] https://betanews.com/2024/09/10/remote-access-tools-leave-ot-systems-at-risk-of-attack/
[3] https://www.scmagazine.com/brief/ot-environments-impacted-by-unrestricted-remote-access-tool-utilization
[4] https://vmblog.com/archive/2024/09/11/55-of-ot-environments-contain-four-or-more-remote-access-tools-greatly-expanding-attack-surface-and-operational-complexity.aspx