Poisoned Privileges: The Wake-Up Call to Harden Remote Access & Password Security for SCADA & IoT Systems

Over the past decade, we've seen a vast array of different types of devices and systems connected to the internet. While this feels like technological progress, there's a dark side to bringing the Internet of Things (IoT) online - these systems come under attack just like other connected infrastructure. Unfortunately, many SCADA environments today include connected systems with relatively weak security capabilities and configurations, leading to compromise and breach scenarios that are not only dangerous but could be deadly.

In February 2021, a Florida water plant was compromised remotely, and the attacker attempted to modify the water's chemical makeup. Then on March 9th, Bloomberg reported a massive security breach into the Verkada network that exposed the live feeds of 150,000 of security cameras used in jails, hospitals, and even companies like Tesla. The threat actors claimed to have had full access to archive of full video for all Verkada customers making the security and data privacy issues even more complex.

These attacks serve as a blunt reminder the need for both Operational Technology (OT) and Information Technology (IT) environments to secure access with multi-factor authentication and prevent such systems from being externally accessible. If you are in charge of your OT/IoT infrastructure you have some fundamental responsibilities to protect your company, infrastructure, and the security and privacy of your clients. Thus you’d want to architect and deploy a solution that in no way, ever, allows a single credential to be used to jeopardize the trust and well-being of your clients and solution.

In this on-demand webinar, security expert and founder of Voodoo Security, Dave Shackleford, will spend the first half of the webinar to walk attendees through these recent attacks and then share examples from the past several years that demonstrate just how vulnerable SCADA and IoT systems can be when remote access and support, when not implemented with security in mind, are often the beachhead used by attackers to infiltrate a network.

Then for the last half of the webinar, Duane Simms, BeyondTrust Sr Product Manager, will show attendees first-hand how BeyondTrust can help you protect the access to your OT/IOT systems with the implementation of 6 basic security controls.