Four Key Cybersecurity Trends For Industrial Companies

Uploaded on 2023-10-20 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Transport & Travel, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing, BUSINESS-Production-Energy

For industrial companies, it has become a near-certainty that cyberattacks will disrupt their operations in the coming year. According to Trend Micro, this was the case for 89% of companies in the electricity, oil & gas, and manufacturing sectors in the past twelve months.

Due to several factors ranging from geopolitical tensions to cybersecurity skills shortages, these attacks have become more frequent but also more costly and severe. On cybersecurity awareness month, here are four key trends to monitor.

The Impact Of Ransomware On Industrial Company Operations

Ransomware attacks have become a fact of life for companies of any size: 2 out of 3 companies above $50 million in revenue reported being hit by a ransomware attack in the past year. Attacks against industrial firms, in particular, increased by 87% between 2021 and 2022.

While manufacturing firms represent the larger share of ransomware attacks against industrial companies, no sector is immune. In 2022, energy, oil, and gas organizations experienced 50 ransomware incidents, including Energy One in the UK and DESFA in Greece. Pharmaceutical companies, transportation entities, and utilities  - like South Staffordshire Water in the UK and Águas e Energia do Porto in Portugal - also frequently fall victim.

Manufacturing, energy or transportation firms are often targeted due to the varied systems and equipment they use, offering hackers many potential entry points and greater opportunities to find vulnerabilities.In addition, the cost of halting operations at a major factory, airport, or power plant can be so high that their owners are more likely to agree to pay a hefty ransom.

For example, in April 2022, a ransomware attack against Clestra Hauserman, a French construction company, paralyzed operations for nearly three months, eventually forcing the company to seek receivership.

Sophisticated Attacks Prey On OT Vulnerabilities

To maximize their chances of success, hackers are using increasingly sophisticated attacks that take advantage of vulnerabilities that are specific to industrial companies. For example, the malware toolkit Pipedream, publicly identified in 2022, has been specifically designed to attack industrial control systems (ICS).

Overall, such attacks specifically devised to target operational technologies - used to operate a facility’s physical processes and industrial operations - have increased by more than 30% over the past twelve months.

But even less sophisticated attacks can disrupt operations, taking advantage of a common trend among industrial companies: the convergence between Operational technology (OT) and IT. In the past years, industrial companies have increasingly connected their industrial machinery and processes to the rest of their IT systems, to allow for greater efficiency and automation. But this greater interconnection has also allowed for more devastating cyberattacks originating on the IT side.

These cyberattacks can prey on laxer cybersecurity practices on the operational side, such as poor network segmentation or low visibility over inventory or patches. For example, half of the European companies in energy and utilities say that they have little to no visibility over the patching of their assets, and one out of ten believe that they would need more than six months to patch a critical vulnerability.  

Cyber Attacks Target Critical Nodes In The Supply Chain

Risks of cyberattacks are not limited to a company's own systems. For major industrial firms, vulnerabilities can be found among suppliers and critical supply chain nodes, such as ports, airports or shipping companies. In July 2023, Toyota had to interrupt its packaging line after a ransomware attack struck the port of Nagoya, its primary shipping hub. A year before, another cyberattack on one of its suppliers had led it to halt production in all of its Japanese factories.

The choice of such targets is deliberate, and ports are particularly vulnerable, as Larry O'Brien of ARC Advisory Group notes: "Numerous cybersecurity vulnerabilities exist in the maritime transportation system when it comes to Operational Technology (OT) level technologies, products, and systems. A huge range of connected assets now exists, from cargo movement systems found in cranes to intelligent pumps, positioning, navigation and timing systems (PNT), and vessels. These new connected solutions are not always installed with cybersecurity in mind, and many ports and facilities do not have sufficient personnel to manage cybersecurity."

The physical components of the supply chain are not the only ones at risk. In the past twelve months, two of the most devastating cyberattacks - GoAnywhere and MoveIt - targeted managed file-transfer software, commonly used to exchange data with partners, suppliers, and customers securely. In both cases, hackers gained access to a vast number of clients, encompassing government bodies and major corporations, such as the BBC, British Airways, and the US Department of Energy.

How Skills Shortages Can Lead To Vulnerabilities & Poor Inventory Practices

Ports are hardly alone in grappling with the persistent challenge of staffing their cybersecurity teams in the face of escalating threats.According to a recent Enterprise Strategy Group (ESG) report, a staggering 71% of companies reported facing skills shortages in this area. Moreover, two-thirds of cybersecurity professionals indicated their roles had become more challenging over the past two years.

A primary concern, cited by 59% of respondents, was the expanding attack surface of their companies, influenced by factors ranging from the Internet of Things (IoT) to the rise of remote work. 43% also cited budgetary constraints and the complexity of regulatory compliance.  The repercussions of thinly spread and underfunded cybersecurity teams are palpable. In February 2023, cybercriminals exploited thousands of VMware ESXi servers, capitalizing on a vulnerability known for almost two years.

The fact that hackers can still leverage two-year-old vulnerabilities at a large scale shows that industrial companies need better inventory, vulnerability management programs and auditing practices.

Having a full, well-maintained inventory of all OT and IT assets and endpoints is key to understanding the potential attack surfaces, identifying vulnerabilities, and developing effective incident response and recovery. With the skills gap projected to persist into 2024 and beyond, having such a comprehensive inventory can lay the groundwork for automating more cybersecurity tasks. For instance, they might serve to cross-check existing devices and software against databases of known vulnerabilities, like the NIST-NVD from the National Institute of Standards and Technology and determine the number of vulnerabilities in their operating facilities and have a perception of the equipment at risk.

Adopting such strategies may become indispensable. In a climate of economic unpredictability, 51% of large enterprises anticipate either a reduction or a freeze in their cybersecurity budgets in the next twelve months. For industrial companies, fighting cyberattacks in ever greater numbers with less money and resources might be the defining challenge of 2024.

Edgardo Moreno is Executive Industry Consultant at Hexagon                          Image: Simon Boxus

You Might Also Read: 

How To Check Out Suppliers Before You Commit:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The AI Dilemma: Regulate, Monopolize, Or Liberate
Revealed: CIA Using TwitterX To Recruit Spies »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Berkman Klein Center for Internet & Society

Berkman Klein Center for Internet & Society

The Berkman Klein Center for Internet & Society is a research center at Harvard University that focuses on the study of cyberspace.

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets is a global series of summits focusing on cyber security for critical infrastructure.

NovaTech Automation

NovaTech Automation

NovaTech products and services make the world’s power grids and essential process industries more reliable, efficient, sustainable and secure.

V-Key

V-Key

V-Key is a global leader in software based digital security, providing solutions for mobile identity, authentication, authorization, and mobile payments for major banks.

Physec

Physec

Physec offers innovative security products and solutions for the Internet of Things ecosystem.

Lynx

Lynx

Lynx provides high added value services in the area of information systems security and ICT infrastructure building.

Wynyard Group

Wynyard Group

Wynyard Group is a niche, technology-driven company specializing in Integrated Border Security solutions for enhanced public safety.

Appgate

Appgate

Appgate is the secure access company. We empower how people work and connect by providing solutions purpose-built on Zero Trust security principles.

Siemens

Siemens

Siemens Industrial Security Services provide solutions for cybersecurity in automation environments based on the recommendations of the international standard IEC 62443.

VikingCloud

VikingCloud

VikingCloud (formerly Sysnet Global Solutions) offers organizations an integrated cybersecurity and compliance solution to make informed, predictive, and cost-effective risk mitigation and prevention

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Logically.ai

Logically.ai

Logically combines artificial intelligence with expert analysts to tackle harmful and manipulative content at speed and scale.

Stack Identity

Stack Identity

Stack Identity protects access to cloud data by prioritizing identity and access vulnerabilities via a live data attack map.

Cyclops

Cyclops

Cyclops is the first Contextual Search Platform for cybersecurity.

Netcraft

Netcraft

Netcraft is a global leader in cybercrime detection and disruption, combining cutting-edge technology with decades of experience to protect organizations of all sizes from digital threats and attacks.

Armata Cyber Security

Armata Cyber Security

Armata exists to bring Cyber Security to all people – from home users and SMBs to large enterprises. We believe all users have the right to an affordable yet effective Cyber Security solution.