Criminals are increasingly targeting the vulnerable systems situated between Information Technology (IT) and Operational Technology (OT), as they pose significant operational risks. Tim Conway of the SANS Institute emphasizes that these "in-between" systems, seen in industries like petroleum and pharmaceuticals, can affect product integrity and safety if compromised. Due to the potentially devastating consequences, companies may feel pressured to meet extortion demands, creating a more complex dilemma during ransomware attacks. This shift indicates a growing trend of focusing on the operational impacts rather than merely financial ones.
"It's the system in the middle, and the impact of ransomware [on in-between systems] affects the integrity of the product," Conway told The Register.
"You can't continue to operate from a safety perspective. You're not going to put jet fuel in a car. You're not going to put home heating oil in a jet," Conway said.
"The IT side is how we manage our business, the OT side is why we're a business... it becomes a completely different discussion in boardrooms on do we pay, and how quickly do we pay," Conway said.
"If you were a pharmaceutical [company], and we wanted to cause problems in the batch or the dosage or blend of a particular drug."
Collection
[
|
...
]