What Operational Technology (OT) vulnerabilities keep you up at night?
What you need to consider is the attack surface. Who's really going to hit these lab machines? With research, generally you'll be looking at state-level attacks. That's a big fish to fry. But at the actual individual machine layer, you're probably not going to get hit by a huge flood of attacks directed at them because there isn’t an easy way to monetize that. You're dealing with corporate espionage and state-level espionage. You're not getting the volume that you’d get with a bank or a credit card processor that's so easy to monetize.
Although if the last couple of years have taught us anything, it's that the whole industry has changed its strategy around monetization, and now they're targeting all the low-hanging fruit with ransomware and DDoS for bitcoin. So even that's becoming a false sense of security more and more every day.
We didn't even hear about ransomware and things like that until the Colonial Pipeline incident when gas prices went up and people were scrambling to get gas.
As a CISO, that's what I lose sleep over the most because bad actors only have to be right once and when they are...
If you look at these ransomware attacks, it's basically manifested two ways. Once it gets in—because we know it's going to get in—then it spreads from device to device because we're not separating all these things. And the second part is that even if you have VLANs that are all locked down, someone could get to your laboratory information management (LIM) system if they just remote desktop protocol (RDP) into that server. And you can't put multi-factor authentication (MFA) on RDP, so you're potentially opening up access to all your other VLANs.
Because once you jump from one RDP server on a different VLAN, then that particular server has access to something else so you just start another RDP session from there. That's exactly what happened at a pipeline in the meatpacking place that was hit with ransomware. It's crazy how easy and effective what they're doing is.
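A detection sketch for the RDP hop-by-hop pattern described in the comment above, added here as an example and not posted by any participant in the thread. It assumes RDP sessions have already been extracted as (time, source, destination) records, for instance from Windows Security event 4624 with logon type 10; the hostnames, VLAN names and session records are constructed.

```python
from datetime import datetime, timedelta

# Constructed inventory (hypothetical hosts): host -> VLAN
VLAN = {
    "ws-office-17": "corp",
    "ws-office-22": "corp",
    "jump-lab-01": "lab",
    "lims-srv-01": "lims",
    "hist-ot-02": "ot",
}

# Constructed RDP session records: (start time, source host, destination host)
SESSIONS = [
    ("2024-03-01T02:10:00", "ws-office-17", "jump-lab-01"),
    ("2024-03-01T02:14:30", "jump-lab-01", "lims-srv-01"),
    ("2024-03-01T02:21:05", "lims-srv-01", "hist-ot-02"),
    ("2024-03-01T09:00:00", "ws-office-22", "jump-lab-01"),
    ("2024-03-01T15:30:00", "jump-lab-01", "lims-srv-01"),
]


def find_rdp_chains(sessions, vlan, window=timedelta(minutes=30), min_hops=2):
    """Return host paths where an RDP session lands on a host and, within
    `window`, that host opens a new RDP session into a different VLAN."""
    events = sorted((datetime.fromisoformat(t), s, d) for t, s, d in sessions)
    # Only hops that cross a VLAN boundary matter for segmentation bypass.
    events = [e for e in events if vlan.get(e[1]) != vlan.get(e[2])]

    chains = []  # each entry: {"last": time of latest hop, "path": [hosts]}
    for t, src, dst in events:
        parent = None
        for c in chains:
            # Extend a chain that currently ends on the source host, if recent.
            if c["path"][-1] == src and t - c["last"] <= window and dst not in c["path"]:
                parent = c  # the most recently started matching chain wins
        if parent:
            parent["path"].append(dst)
            parent["last"] = t
        else:
            chains.append({"last": t, "path": [src, dst]})

    return [c["path"] for c in chains if len(c["path"]) - 1 >= min_hops]


if __name__ == "__main__":
    for path in find_rdp_chains(SESSIONS, VLAN):
        print(" -> ".join(f"{h} [{VLAN[h]}]" for h in path))
```

The two daytime sessions through the same jump host are hours apart, so they are not reported; only the tight overnight sequence crossing three VLAN boundaries is.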