What does Claroty do?
Claroty’s mission is to protect industrial control networks from cyber-attacks to ensure the safe, reliable function of the world’s most critical infrastructure.
Our deployments span 15 industries in over 25 countries, with leading industrial automation vendors including Schneider Electric, Siemens and Rockwell Automation backing our company and adopting our technology to eliminate cyber vulnerability - a critical issue impacting Australian business and government
Claroty is the only integrated and comprehensive IoT and OT security monitoring and remote access control platform for regulatory compliance, targeted detection of malicious activity and automated response.
Claroty is headquartered in New York – how does the cyber threat in ANZ differ to that in the US?
Australia doesn’t have the years of compliance and critical infrastructure bill that the USA has mandated on its companies and state-owned operations, so the cyber security protections and controls are largely unknown.
Many Australian organisations ask their CIO or IT manager to manage cyber security. This does not work. Australian companies need to employ experts in cyber security to own and manage the risk that they face.
What sector or industry do you think is at the most risk and why?
Globally, energy and utility companies are more at risk because they are the prime targets for attackers who seek to disrupt critical infrastructure that citizens rely on every day. Unfortunately, a lot of them are not very well defended at all.
According to the Australian Energy Market Operator (AEMO), protection of the electricity sector against cyber-attacks is a matter of “national importance” so there definitely has been an increase in awareness of how important it is to protect critical infrastructure.
What are the factors driving demand for cybersecurity protection in OT/ IIoT environments?
Cyber-attacks are happening every single day, This, coupled with our ever-increasing reliance on these systems to do what they do 24/7 is driving demand for protection.
For example, an IT environment can be taken down at night time to patch servers, address security software and vulnerabilities. On the other hand, OT networks, such as production lines, are designed to operate 24-7 allowing a very small maintenance windows of about 3-4 times per year.
This new interconnected world makes it very difficult to protect systems using traditional methods as down-time is not an option for a lot of OT environments.
What is the risk for industrial companies who do not have visibility of their network?
Many industrial systems, especially older versions, contain vulnerabilities which can be exploited relatively easy, and much of the ICS software and underlying industrial protocols lack even basic security controls.
Attacks can happen easily in these networks, resulting in disruption, lost productivity, profit, and in some cases, risks to personal safety.
The bottom line here is that you can't protect what you can't see, in the same way you can't defend against an attacker you can't see.
How can Australian companies take steps to reduce the threat facing their operations?
Companies can start by adopting and implementing some basics like the ASD essential 8…
It is important to gain some visibility into your critical infrastructure to see exactly what is going on… Working with security partners and vendors that have ICS as their core specialty will help ensure that your systems are protected by the most qualified security experts possible.