Ransomware attacks are increasingly targeting critical infrastructure — essential systems like energy, water, transportation and finance. In 2023 alone, over 40% of attacks hit these sectors, according to the FBI. Meanwhile, agencies like CISA and the UK’s NCSC warn infrastructure companies of mounting threats from state-sponsored adversaries or other malicious actors.
The recent American Water incident highlights just how vulnerable infrastructure companies can be. Although contained to billing systems, the suspected ransomware attack reinforces the urgent need for companies to implement ZTNA and begin segmenting on-premise, cloud and hybrid networks and workloads to prevent IT network breaches from reaching operational technology (OT) systems and impacting essential services and critical operations.
Think of OT as devices that control the physical world (power grids, machinery, pipelines). This includes supervisory control and data acquisition (SCADA), industrial control systems (ICS) and distributed control systems (DCS). Traditionally these systems were managed separately from IT, but that has all changed with the growth of IoT and Industry 4.0. Today these systems are more connected and integrated. Add to that the complexity of managing remote workers, contractors and third parties who require access to both IT and OT to perform daily maintenance, along with the many endpoints they bring, and your security risks increase.
While tools like IAM, PAM and MFA manage access, they don’t address a crucial question: What happens when an attacker bypasses these defenses? Microsegmentation addresses this gap in a zero-trust strategy. It divides a network into smaller, isolated segments, limiting attackers’ ability to move laterally and ensuring that a breach in one area doesn’t reach other critical assets. Microsegmentation is essential for critical infrastructure companies, offering granular security controls that protect on-premise, cloud and hybrid environments.
When it comes to securing IT and OT systems, managers need to evaluate their risk and build a strategy focused on zero-trust principles. Begin with these 10 best practice tips:
1. Assume Breach and Minimize Impact: It may be unsettling to think this way, but it’s important to operate as if a breach has already taken place. Segment network access, use data encryption (at rest and in transit) and analyze your network to detect and respond quickly to threats.
2. Understand Your Network Assets: Companies can start by mapping out their entire network, identifying critical assets, workloads and data flows. This will help determine which segments need the highest level of protection.
3. Increase Visibility Into OT Systems: Companies need better visibility into their OT and industrial control systems in order to secure them, maintain them and quickly isolate potential security incidents. Such monitoring tooling is well established for IT systems but is not yet as widely deployed on OT systems.
4. Password Management for IoT: While companies have strict password policies for users, those policies don’t always extend to servers, applications and IoT devices. Many companies keep the default password that ships with these applications or devices. IoT and machine credentials need to be secured, authenticated and rotated.
5. Leverage IAM Solutions: Use Identity and Access Management (IAM) tools such as multifactor authentication (MFA), single sign-on (SSO) and privileged access management (PAM) to centralize and manage user identities, authentication and authorization. This helps ensure that only verified users can access segmented areas.
6. Implement High-Value, Easy-to-Implement Segmentation Projects: Microsegmentation can seem overwhelming, involving analysis of thousands of network connections, identifying and labeling hundreds of services, and configuring and enforcing hundreds of policies, but it doesn’t have to be. Approach microsegmentation projects step by step. Begin by focusing on broad, critical areas that are easy to implement and offer significant value, such as isolating smart devices or segmenting business functions.
7. Use Granular Segmentation Policies: Apply microsegmentation at the workload or application level, not just for entire servers. This provides more precise control and limits an attacker’s ability to move between segments if they gain access.
8. Regularly Monitor and Update Policies: Continuously monitor network traffic between segments to detect anomalies and improve defenses. Regularly review and update microsegmentation rules as your infrastructure changes.
9. Test for Breach Scenarios: Conduct penetration testing to simulate potential attacks and identify gaps in your segmentation strategy. This helps ensure that segments are properly isolated and attackers can’t move laterally if a breach occurs.
10. Always Back Up Systems: Ransomware attacks are designed to block access to data and systems unless a company pays a ransom. Having a secure backup solution for your OT systems and devices will not prevent attacks, but it helps to mitigate their impact: you will be able to restore systems and minimize downtime.
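To make tips 7 and 8 concrete, here is an added example (not from the article or any vendor product) of a workload-level, default-deny segmentation policy written against labels rather than IP ranges, evaluated over a constructed flow log so that IT-to-OT crossings are flagged. All workload names, labels, ports and flow records are constructed for illustration.

```python
# Added illustration: label-based microsegmentation policy with default deny,
# audited against constructed flow records. Nothing here is from the article.

# Constructed inventory: each workload carries zone/role labels, so policy is
# expressed at the workload level instead of per server or subnet.
WORKLOADS = {
    "billing-web-01": {"zone": "it", "role": "billing"},
    "billing-db-01":  {"zone": "it", "role": "billing-db"},
    "hist-01":        {"zone": "dmz", "role": "historian"},
    "scada-hmi-01":   {"zone": "ot", "role": "hmi"},
    "plc-pump-07":    {"zone": "ot", "role": "plc"},
}

# Allow rules as (source role, destination role, destination port).
# Anything not listed is denied; that is the "assume breach" default.
ALLOW = {
    ("billing", "billing-db", 5432),  # billing app to its database only
    ("hmi", "plc", 502),              # Modbus/TCP from the HMI to the PLC only
    ("historian", "hmi", 443),        # historian pulls data from the HMI
}

def is_allowed(src, dst, port):
    """Return True only when an explicit workload-level rule permits the flow."""
    s, d = WORKLOADS.get(src), WORKLOADS.get(dst)
    if s is None or d is None:
        return False  # unknown asset: never implicitly trusted
    return (s["role"], d["role"], port) in ALLOW

def audit_flows(flows):
    """Evaluate observed flows; return the denied ones with their zone crossing."""
    findings = []
    for src, dst, port in flows:
        if not is_allowed(src, dst, port):
            s = WORKLOADS.get(src, {}).get("zone", "unknown")
            d = WORKLOADS.get(dst, {}).get("zone", "unknown")
            findings.append((src, dst, port, f"{s}->{d}"))
    return findings

# Constructed flow log: the last two records model a compromised billing host
# reaching toward OT, which the policy should surface for investigation.
SAMPLE_FLOWS = [
    ("billing-web-01", "billing-db-01", 5432),
    ("scada-hmi-01", "plc-pump-07", 502),
    ("billing-web-01", "scada-hmi-01", 3389),
    ("billing-web-01", "plc-pump-07", 502),
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print("DENY", *finding)
```

In a real deployment the allow set would be generated from the asset map in tip 2 and re-reviewed whenever the inventory changes, and the findings fed to the monitoring described in tip 8.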