Third-Party Risks Drive Regulatory Ambiguity in OT Security

Claroty’s Sean Tufts on Security Issues Facing Critical Infrastructure Providers

In the intricate world of cybersecurity, third-party risks have emerged as a pressing concern, particularly for critical infrastructure providers. These risks not only pose challenges for cybersecurity professionals but also provoke potential regulatory shifts aimed at enhancing the safety of cyber-physical systems.

The Landscape of Third-Party Risks

A recent global survey conducted by Claroty revealed a striking disparity in perceptions surrounding the adherence to cybersecurity standards. While 69% of cybersecurity experts claim they are diligently following best practices, a substantial 76% anticipate that evolving regulations will necessitate a complete overhaul of their existing security strategies. This indicates a significant gap in confidence and preparedness, as many professionals find themselves uncertain about forthcoming regulatory mandates.

Sean Tufts, the field CTO at Claroty, succinctly summarizes this dilemma: “On one hand, we have people saying we’re going to meet regulation as it is based on best practices. On the other hand, those same people said we’ll have to change everything. That tells me people really don’t know what the regulations are going to do.”

Breaches Triggered by Third-Party Access

One of the most alarming insights from the survey is the frequency of breaches linked to third-party access. Nearly half of organizations managing cyber-physical systems reported experiencing a breach in the past year due to vulnerabilities introduced by third parties. Additionally, 54% of respondents discovered security weaknesses in vendor contracts only after an incident had occurred. This stark reality emphasizes the importance of scrutinizing third-party relationships and understanding the potential risks involved.

The Ripple Effect of Geopolitical Dynamics

In the broader context, geopolitical shifts are increasingly disrupting supply chains, adding another layer of complexity to the risk management landscape. These disruptions not only affect operational integrity but also amplify cybersecurity vulnerabilities. Tufts highlights the need for a proactive approach, wherein organizations must consider not just their own security measures but also those of their vendors and partners in the ever-evolving global landscape.

Navigating the Regulatory Landscape

As concerns about third-party risks mount, the conversation around regulatory changes intensifies. Increased scrutiny may lead organizations to reconsider their security programs, potentially creating a ripple effect through the operational technology (OT) ecosystem. Companies are urged to adopt a more holistic view, ensuring that security strategies encompass all facets of their operations, including programmable logic controllers, distributed control systems, and SCADA systems.

The Role of Cybersecurity Leadership

With two decades of experience in industrial cybersecurity, Sean Tufts has a unique perspective on these challenges. His background includes impactful roles at industry giants like GE and Optiv, giving him deep insights into the convergence of operational technology and cyber risk management. At Claroty, Tufts collaborates closely with customers, partners, and internal teams to drive technical strategy and elevate field execution, ensuring that the company’s platform continually delivers meaningful outcomes.

A Call to Action for Cybersecurity Professionals

As the threat landscape evolves, so too must the strategies employed by cybersecurity professionals. Tufts’ insights emphasize a critical need for organizations to remain adaptable, vigilant, and collaborative in addressing the multifaceted challenges posed by third-party risks. The intersection of OT, IT, and cyber risk management requires a concerted effort and proactive leadership in navigating an uncertain future.

In summary, concerns about third-party risks are not only reshaping cybersecurity strategies but also hinting at forthcoming regulatory changes that could impact critical infrastructure sectors. By fostering a culture of security that extends beyond organizational walls and incorporating the latest insights from leaders like Sean Tufts, organizations can better prepare for the challenges ahead while ensuring the safety and resilience of their cyber-physical systems.