Poisoned Privileges: The Wake-Up Call to Harden Remote Access & Password Security for SCADA & IoT Systems

Over the past decade, we've seen a vast array of different types of devices and systems connected to the internet. While this feels like technological progress, there's a dark side to bringing the Internet of Things (IoT) online - these systems come under attack just like other connected infrastructure. Unfortunately, many SCADA environments today include connected systems with relatively weak security capabilities and configurations, leading to compromise and breach scenarios that are not only dangerous but could be deadly.

In February 2021, a Florida water plant was compromised remotely, and the attacker attempted to modify the water's chemical makeup. Then on March 9th, Bloomberg reported a massive security breach into the Verkada network that exposed the live feeds of 150,000 of security cameras used in jails, hospitals, and even companies like Tesla. The threat actors claimed to have had full access to archive of full video for all Verkada customers making the security and data privacy issues even more complex.

These attacks serve as a blunt reminder the need for both Operational Technology (OT) and Information Technology (IT) environments to secure access with multi-factor authentication and prevent such systems from being externally accessible. If you are in charge of your OT/IoT infrastructure you have some fundamental responsibilities to protect your company, infrastructure, and the security and privacy of your clients. Thus you’d want to architect and deploy a solution that in no way, ever, allows a single credential to be used to jeopardize the trust and well-being of your clients and solution.

In this on-demand webinar, security expert and founder of Voodoo Security, Dave Shackleford, will spend the first half of the webinar to walk attendees through these recent attacks and then share examples from the past several years that demonstrate just how vulnerable SCADA and IoT systems can be when remote access and support, when not implemented with security in mind, are often the beachhead used by attackers to infiltrate a network.

Then for the last half of the webinar, Duane Simms, BeyondTrust Sr Product Manager, will show attendees first-hand how BeyondTrust can help you protect the access to your OT/IOT systems with the implementation of 6 basic security controls.

Meet the Presenters

Dave Shackleford, Cybersecurity Expert and Founder of Voodoo Security

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.

Duane Simms, Senior Product Manager