According to recent research by IBM, removable media is now the second most significant threat to OT systems this year.
According to the survey, phishing was the initial access vector for cyber attackers last year. This year, there was a tie (11 percent) for second place between removable media and exploitation of vulnerabilities.
READ MORE: Identity Access Issues Major Cause of Breaches
“Ideally, USB flash drives should be prohibited when possible. If absolutely necessary, strictly control the number of portable devices approved for use in your environment and disable auto-run features for any removable media”, says the vendor.
The pandemic could be the culprit, as it was during the pandemic that the use of personal devices was on the rise.
As per the study’s findings, there were other threats to the OT environments besides the removable storage. For example, suppose an enterprise has some OT monitoring tools installed and the prolonged use of a rather old-fashioned and insecure TLS 1.0 encryption method.
According to the survey, illegal parameters and default/weak passwords are other threats as well and can be equally disastrous.
READ MORE: Digital Forensics-powered Cyber Security: What You Should Know
Malicious spam was this year’s biggest OT threat as it was part of around 44 percent of IBM engagements. Most of the emails were trying to deliver the TROJAN, the notorious Emotet.
Malicious software (malware) has been a consistent problem for almost all modern businesses. Malware quickly spreads through removable media.
Threats from these sources are getting disastrous each year, and the consequences are also becoming more significant.
Malware can be present in one system, which can then easily be transferred to inserted media devices immediately following the installation of device drivers.