Exclusive: Claroty highlights risks and solutions for cyber-physical systems
As Cybersecurity Awareness Month kicks off, organisations are being urged to confront evolving risks to their critical infrastructure.
Cyber-physical systems, which underpin industries ranging from energy to healthcare, are increasingly vulnerable to sophisticated cyber threats. While traditional IT security focuses on data protection, securing these physical systems requires specialised approaches.
Leon Poggioli, Australia and New Zealand Regional Director at Claroty, a company focused on cyber-physical security, is raising awareness this month.
"We help people who operate cyber-physical networks like power stations and factories protect that critical infrastructure from cyber attacks," Poggioli said.
Cybersecurity Awareness Month, which aims to educate individuals and organisations about the growing risks, shines a spotlight on sectors like critical infrastructure that often go unnoticed. According to Poggioli, securing these systems is essential for protecting the backbone of modern life.
"I understand that space reasonably well, based on just working in that kind of organisation, as well as talking to all sorts of cyber leaders in different industry verticals."
One of the main misconceptions he encounters is the belief in the security of "air-gapped" systems—those supposedly disconnected from external networks. "There are still some people that believe in what they call the air gap," Poggioli said.
"What we do find is that the more someone insists something is air-gapped, the more likely there is some kind of external connectivity that allows people to connect into that network." As Cybersecurity Awareness Month reminds us, it's crucial to continuously monitor systems, even those thought to be isolated, to prevent insider threats and vulnerabilities.
This awareness month also encourages companies to think beyond IT systems. Poggioli highlighted the cyber risks within IoT networks, which are becoming ubiquitous across industries such as retail and education. Devices that were not originally purchased with security in mind are now connected to corporate networks, posing unseen dangers.
"That infrastructure still contains cyber risk that people need to be monitoring," Poggioli added.
Claroty's industry-centric platform is designed to address the unique needs of each sector, providing solutions that align with the specific risks and priorities of different environments.
"If you operate an OT or a cyber-physical network, that's probably where your company makes most of its money."
This understanding is vital during Cybersecurity Awareness Month, as it draws attention to how a cyber attack could impact not only data but also physical operations, safety, and production.
In industries like mining, safety is paramount, while energy providers must focus on maintaining grid stability. Healthcare is another critical sector where Claroty plays a key role.
"You think about how critical infrastructure healthcare is nowadays, and how much we rely on technology to deliver modern healthcare," Poggioli said.
He noted that Claroty has a dedicated product for clinical networks to help protect medical devices from potential cyber threats.
Looking ahead, Poggioli warned of the increasing threat posed by nation-state actors, particularly in the context of global geopolitical tensions. "There's much more of a threat vector now in warfare scenarios," he said, pointing to cyber attacks on telecom networks in Israel and Ukraine. As these incidents become more common, Cybersecurity Awareness Month serves as a timely reminder for organisations to strengthen their defences.
With the convergence of IT and OT systems, bridging the gap between these traditionally separate domains is crucial. Poggioli emphasised that, while technical solutions are important, stakeholder collaboration is often the key to success.
"The biggest challenge I see in OT cybersecurity is stakeholder management and collaboration across different business units," he said.
During this awareness month, organisations are encouraged to focus on fostering cooperation between IT and OT teams, building trust to ensure seamless protection of their systems.
"You can't develop a programme in isolation and then turn up to the factory or the plant with a box under your arm saying, 'we're going to plug this into your network'," Poggioli explained. Building relationships with OT teams and understanding their concerns is critical to implementing a joint strategy that protects both digital and physical assets.
The rapid expansion of IoT devices also presents new challenges. Claroty is helping organisations tackle the issue of securing legacy infrastructure that wasn't built with cybersecurity in mind. "You could have many kinds of different devices out there that people have forgotten about or don't have an asset inventory of that could have critical vulnerabilities," Poggioli said.
Cybersecurity Awareness Month is an opportunity for organisations to take stock of these devices and begin addressing their risks.
As this year's campaign unfolds, Poggioli offered a concrete example of how vulnerabilities in connected devices can escalate into major threats. He pointed to solar inverters used in energy grids, which could be manipulated by attackers if critical vulnerabilities go unnoticed.
"If you've got 20,000 solar inverters out there that are five years old, and a critical vulnerability gets discovered, someone could take charge of those inverters and disrupt the power grid," he warned.
The increasing awareness of these risks is driving change, with organisations now considering cybersecurity more carefully when purchasing new technology. However, the legacy systems that remain connected to networks present the most significant challenges.
"What lies deeper is all the legacy technology that's out there and connected that may have critical vulnerabilities," Poggioli said. This month is the ideal time for organisations to audit these systems and prioritise fixes for the most urgent vulnerabilities.
Claroty is also leveraging AI to enhance detection and response capabilities, particularly as cyber attackers become more sophisticated. "Attackers are now using AI and other automation methods to attack organisations in more novel ways," Poggioli said. He urged companies to adopt AI-driven solutions to level the playing field, a crucial theme of this month's campaign, which highlights the increasing complexity of cyber threats.
For organisations looking to protect their infrastructure, Poggioli stressed that cybersecurity is a journey. It starts with asset discovery and requires ongoing collaboration.
"It's not like you put in a product like Claroty and snap your fingers and all of a sudden you're protected," he explained.
As Cybersecurity Awareness Month highlights the importance of a collective effort in safeguarding critical systems, Claroty remains focused on raising awareness and improving protection year-round.
"Cyber safety isn't just a job for the cyber team; it's an opportunity for everyone in the organisation to play a part," Poggioli said.
By raising awareness during this critical month and beyond, Poggioli hopes to inspire more individuals and organisations to take an active role in securing the infrastructure we rely on daily.
"Cyber safety is an opportunity for everyone to help make the world more cyber safe and protect our modern digital way of life."