Misconfiguration, alert fatigue and ransomware

Post by rakhirhif8963 »

Network operators can’t afford to take IIoT smart sensors offline to patch and update them, because they need to be running 24/7. “We’re certainly familiar with this,” says Black. “Most systems have multiple cybersecurity measures in place—we’re talking about multiple layers of protection. Patching is just one layer. Depending on the situation, patching is often the fourth or fifth layer of protection.”

Security threats can cause IIoT systems to go down and compromise critical infrastructure. Networks are vulnerable because IIoT devices cannot be scanned due to the risk of failure and disruption, Oswal said.

Black says when his company encountered ecuador mobile database issues due to installing patches that didn't comply with IIoT vendor recommendations, they had to roll back and restore the system from backup.

Trowell notes that in a talent shortage, finding security professionals with experience troubleshooting configuration errors is difficult. “Upskilling and training are paramount in these industries, as the consequences of downtime or compromise of critical infrastructure can be severe,” he says.

Additional threats include alert fatigue. According to Trowell, the growth of the tech stack is leading to an increase in alerts. “Traffic triage and review has become a tedious additional task for many network security teams, making it difficult to identify alerts that are worthwhile, like looking for a needle in a haystack,” he says.

Black says that ignoring or disabling alerts in an IIoT system is not an option. “Alert fatigue does happen from time to time,” he says. “The bigger issue here is training operators to recognize which alerts that are overwhelming the system need to be escalated up the chain of command.”

Cybercriminals are also targeting industrial IoT systems with ransomware, threatening to take down critical infrastructure if a ransom is not paid, Oswal notes. Attackers inject malware into an IIoT system, causing a denial of service (DoS) or preventing access to key files, and demand a ransom to restore access. A ransomware attack can even hijack an IIoT gateway’s login, override its password, and update the firmware to a malicious version.