Remote access tools leave OT systems at risk of attack

Remote access tools are creating cybersecurity risks and operational burdens for operational technology (OT) systems, according to a new report.

The study, from the Claroty Team82 threat research team, using data from more than 50,000 remote-access-enabled devices shows that the volume of remote access tools deployed is excessive, with 55 percent of organizations having four or more and 33 percent having six or more.

It also finds that 79 percent of organizations have more than two non-enterprise-grade tools installed on OT network devices. These tools lack basic privileged access management capabilities such as session recording, auditing, role-based access controls, and even basic security features such as multi-factor authentication.

Using this type of tool leads to increased high-risk exposures as well as additional operational costs that come from managing a multitude of solutions.

"Since the onset of the pandemic, organizations have been increasingly turning to remote access solutions to more efficiently manage their employees and third-party vendors, but while remote access is a necessity of this new reality, it has simultaneously created a security and operational dilemma," says Tal Laufer, VP products, secure access at Claroty. "While it makes sense for an organization to have remote access tools for IT services and for OT remote access, it does not justify the tool sprawl inside the sensitive OT network that we have identified in our study, which leads to increased risk and operational complexity."

In cases where third-party vendors connect to the OT environment using their own remote access solutions, OT network administrators and security personnel who are not centrally managing these solutions may have little to no visibility into the associated activity.

Multiple remote access solutions need a more concentrated effort to create consistent administration and governance policies around who has access to the network, to what, and for how long. This increased complexity can create blind spots in access rights management.

The full report, The Problem with Remote Access Sprawl, is available from the Claroty site.

Image credit: Rawpixel/depositphotos.com