Thursday, 20 February 2020 17:31

2020 predictions: Dave Weinstein, CSO, Claroty

GUEST OPINION By Dave Weinstein Claroty: From a threat perspective, I expect to see a continuum from 2019 into 2020, as it is getting easier for hackers to attack these systems because they’re more exposed to the public internet. Not just nation state hackers, but criminal hackers who are financially motivated.

Looking back at 2018, there were more high-profile attacks that year than 2019. We saw no more than 12 high profile attacks in 2019. The number of attacks is declining compared to the Stuxnet worm in 2010, and the 2015 cyber attack on the Ukraine power grid. Security is improving and hackers have better things to do than target power grids.

Nation states are being more selective and becoming better at covering their tracks. What we see reported in media is the tip of iceberg and isn’t indicative of current trends because it’s a smallsample size.

Governments can only see so much because organisations are privately monitored, and the companies monitoring them are not at liberty to discuss what they observe on their networks.

As end users start to adopt basic monitoring solutions for OT networks, there’s going to be more malicious activity. The greatest threats are likely to be already operating undetected on enterprise and critical infrastructure networks at the moment. Nation states will only make their presence known on a network depending on geopolitical tensions/when they want to.

Geopolitical. I expect to see Iran increasing in their aggression in cyber space and hold more US critical infrastructure at risk in the event of geopolitical tensions.

Nations of inferior conventional arsenals will turn to asymmetric cyber capabilities as a way of responding to physical force. We saw an example of this earlier this year when the US allegedly carried out a cyber attack on Iran in retaliation to them bringing down a US drone.

The ‘I’ in CISO will start to disappear for companies with big industrial footprints. As IT and OT begin to be viewed as one, enterprises need to govern and secure them accordingly. Unless you’re a bank, the idea of being a CISO is going to become a thing of the past. The CISO is gaining responsibility for OT and as a result the role will be more than taking responsibility for securing information, they will have all the OT security responsibility too. Wherever there’s technology, it needs to be secured.

No downtime. Last year I predicted that there would be no hours of electrical downtime as a result of a cyber attack worldwide. As far as I know that is true and I would predict that the same will betrue again for 2020. The electric sector is at enormous risk due to its vulnerable nature, and I expect it will continue to be targeted throughout 2020, however I would predict that no customers will lose power for any period of time as a result of a cyber attack. As an example, a utility in Salt Lake City suffered a cyber attack earlier this year – the first official attack on a utility, and nobody lost power.

OT targeted ransomware. It’s a fair prediction to make for 2020 that we will see an increase in ransomware spilling over from the IT network into the OT environment. If I was a CISO at a manufacturing facility, I’d be worried about that.

If IT and OT networks are unsegmented, then an attack on IT could easily spill into the OT environment too. Implications could be worse for OT than IT as the OT network cannot restore a production line in the same way as IT can restore to the last backup. Businesses need to consider how much downtime they are willing to take to avoid paying a ransom.

5G. More things will be connected, which equals a greater attack surface, for example, smart cities and buildings are increasing in number. 5G connectivity will expose legacy systems in cities, enabling connections to new threats as well as an increase in new connected buildings and factories running off the same infrastructure. 5G is going to expand the scope of OT security in the same way as IT/OT convergence exposed manufacturing plants and factories to threats. 5G opens the aperture to common everyday use cases that affect the public at large.

Cloud. With the rush to the cloud, I’d expect to see an increase in the ability to pool customer OT data and identify emerging threats more quickly, and not being reliant on manual updates to be protected against known threats.

Read 2268 times


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.




Recent Comments