Video

Beware! Adversaries Are Spending More Time Living Off the Land

While critical infrastructure organizations are becoming increasingly aware of the changing threat landscape, the efforts to secure crown jewels are still a work in progress.According to a 2022 Thales ‘Data Report on Critical Infrastructure’ report, an overwhelming 79% respondents had some level of concern about the security risks of employees working remotely and about 44% reported increase in volume, severity and scope of cyberattacks in the past one year.

See Also: Redefining with Intelligent Automation: A Focus on the Manufacturing Industry

The Metropolitan Water District of Southern California serves over 19 million people through a network of 26 member agencies. It operates some of the largest water treatment plants in the world. It was also unsuccessfully targeted by a cyber espionage campaign in 2021.

"Sometimes we give undue credit to attackers. It is not always true to assume they are super creative. Indeed, they are becoming stealthier and spend more time living off the land," says Jake Margolis, CISO at Metropolitan Water District of Southern California. "If we balance the risk of flexibility and operability well, especially during events like the COVID-19 pandemic, the attacks can be minimized."

In this video interview with Information Security Media Group, Margolis discusses:

• Best practices critical infrastructure CISOs must follow;
• The importance of sharing information among peers;
• Treating zero trust not as a replacement but as a supplement to existing security controls.

Margolis is a strategically focused IT and cybersecurity leader providing innovative technology solutions to solve complex issues for internal and external customers. He has an extensive experience in delivering solutions at scale for the public sector and critical infrastructure organizations. Prior to joining the Metropolitan Water District of Southern California, he was the CISO at the County of Orange.