Four Key Cybersecurity Trends For Industrial Companies

Uploaded on 2023-10-20 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Transport & Travel, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing, BUSINESS-Production-Energy

For industrial companies, it has become a near-certainty that cyberattacks will disrupt their operations in the coming year. According to Trend Micro, this was the case for 89% of companies in the electricity, oil & gas, and manufacturing sectors in the past twelve months.

Due to several factors ranging from geopolitical tensions to cybersecurity skills shortages, these attacks have become more frequent but also more costly and severe. On cybersecurity awareness month, here are four key trends to monitor.

The Impact Of Ransomware On Industrial Company Operations

Ransomware attacks have become a fact of life for companies of any size: 2 out of 3 companies above $50 million in revenue reported being hit by a ransomware attack in the past year. Attacks against industrial firms, in particular, increased by 87% between 2021 and 2022.

While manufacturing firms represent the larger share of ransomware attacks against industrial companies, no sector is immune. In 2022, energy, oil, and gas organizations experienced 50 ransomware incidents, including Energy One in the UK and DESFA in Greece. Pharmaceutical companies, transportation entities, and utilities  - like South Staffordshire Water in the UK and Águas e Energia do Porto in Portugal - also frequently fall victim.

Manufacturing, energy or transportation firms are often targeted due to the varied systems and equipment they use, offering hackers many potential entry points and greater opportunities to find vulnerabilities.In addition, the cost of halting operations at a major factory, airport, or power plant can be so high that their owners are more likely to agree to pay a hefty ransom.

For example, in April 2022, a ransomware attack against Clestra Hauserman, a French construction company, paralyzed operations for nearly three months, eventually forcing the company to seek receivership.

Sophisticated Attacks Prey On OT Vulnerabilities

To maximize their chances of success, hackers are using increasingly sophisticated attacks that take advantage of vulnerabilities that are specific to industrial companies. For example, the malware toolkit Pipedream, publicly identified in 2022, has been specifically designed to attack industrial control systems (ICS).

Overall, such attacks specifically devised to target operational technologies - used to operate a facility’s physical processes and industrial operations - have increased by more than 30% over the past twelve months.

But even less sophisticated attacks can disrupt operations, taking advantage of a common trend among industrial companies: the convergence between Operational technology (OT) and IT. In the past years, industrial companies have increasingly connected their industrial machinery and processes to the rest of their IT systems, to allow for greater efficiency and automation. But this greater interconnection has also allowed for more devastating cyberattacks originating on the IT side.

These cyberattacks can prey on laxer cybersecurity practices on the operational side, such as poor network segmentation or low visibility over inventory or patches. For example, half of the European companies in energy and utilities say that they have little to no visibility over the patching of their assets, and one out of ten believe that they would need more than six months to patch a critical vulnerability.  

Cyber Attacks Target Critical Nodes In The Supply Chain

Risks of cyberattacks are not limited to a company's own systems. For major industrial firms, vulnerabilities can be found among suppliers and critical supply chain nodes, such as ports, airports or shipping companies. In July 2023, Toyota had to interrupt its packaging line after a ransomware attack struck the port of Nagoya, its primary shipping hub. A year before, another cyberattack on one of its suppliers had led it to halt production in all of its Japanese factories.

The choice of such targets is deliberate, and ports are particularly vulnerable, as Larry O'Brien of ARC Advisory Group notes: "Numerous cybersecurity vulnerabilities exist in the maritime transportation system when it comes to Operational Technology (OT) level technologies, products, and systems. A huge range of connected assets now exists, from cargo movement systems found in cranes to intelligent pumps, positioning, navigation and timing systems (PNT), and vessels. These new connected solutions are not always installed with cybersecurity in mind, and many ports and facilities do not have sufficient personnel to manage cybersecurity."

The physical components of the supply chain are not the only ones at risk. In the past twelve months, two of the most devastating cyberattacks - GoAnywhere and MoveIt - targeted managed file-transfer software, commonly used to exchange data with partners, suppliers, and customers securely. In both cases, hackers gained access to a vast number of clients, encompassing government bodies and major corporations, such as the BBC, British Airways, and the US Department of Energy.

How Skills Shortages Can Lead To Vulnerabilities & Poor Inventory Practices

Ports are hardly alone in grappling with the persistent challenge of staffing their cybersecurity teams in the face of escalating threats.According to a recent Enterprise Strategy Group (ESG) report, a staggering 71% of companies reported facing skills shortages in this area. Moreover, two-thirds of cybersecurity professionals indicated their roles had become more challenging over the past two years.

A primary concern, cited by 59% of respondents, was the expanding attack surface of their companies, influenced by factors ranging from the Internet of Things (IoT) to the rise of remote work. 43% also cited budgetary constraints and the complexity of regulatory compliance.  The repercussions of thinly spread and underfunded cybersecurity teams are palpable. In February 2023, cybercriminals exploited thousands of VMware ESXi servers, capitalizing on a vulnerability known for almost two years.

The fact that hackers can still leverage two-year-old vulnerabilities at a large scale shows that industrial companies need better inventory, vulnerability management programs and auditing practices.

Having a full, well-maintained inventory of all OT and IT assets and endpoints is key to understanding the potential attack surfaces, identifying vulnerabilities, and developing effective incident response and recovery. With the skills gap projected to persist into 2024 and beyond, having such a comprehensive inventory can lay the groundwork for automating more cybersecurity tasks. For instance, they might serve to cross-check existing devices and software against databases of known vulnerabilities, like the NIST-NVD from the National Institute of Standards and Technology and determine the number of vulnerabilities in their operating facilities and have a perception of the equipment at risk.

Adopting such strategies may become indispensable. In a climate of economic unpredictability, 51% of large enterprises anticipate either a reduction or a freeze in their cybersecurity budgets in the next twelve months. For industrial companies, fighting cyberattacks in ever greater numbers with less money and resources might be the defining challenge of 2024.

Edgardo Moreno is Executive Industry Consultant at Hexagon                          Image: Simon Boxus

You Might Also Read: 

How To Check Out Suppliers Before You Commit:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The AI Dilemma: Regulate, Monopolize, Or Liberate
Revealed: CIA Using TwitterX To Recruit Spies »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

AON

AON

Aon is a leading global provider of risk management (including cyber), insurance and reinsurance brokerage, human resources solutions and outsourcing services.

SecuriThings

SecuriThings

SecuriThings is a User and Entity Behavioral Analytics (UEBA) solution for IoT security.

OmniNet

OmniNet

OmniNet delivers the next generation of cybersecurity and is the only provider in the market to move the edge of small businesses to a virtual, omnipresent perimeter.

Wallarm

Wallarm

Wallarm is the only unified, best-in-class API Security and WAAP (Web App and API Protection) platform to protect your entire API and web application portfolio.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

Scanmeter

Scanmeter

Scanmeter helps identifying vulnerabilities in software and systems before they can be exploited by an attacker.

NanoLock Security

NanoLock Security

NanoLock delivers the industry’s only end-to-end platform for the IoT and connected devices ecosystem.

BLUECYFORCE

BLUECYFORCE

BLUECYFORCE is the leading professional training and cyber defense training organization in France.

Fairfirst Insurance

Fairfirst Insurance

Fairfirst Cyber Insurance protects your business assets against the complexity of cyber threats.

The Citadel Department of Defense Cyber Institute (CDCI)

The Citadel Department of Defense Cyber Institute (CDCI)

CDCI is established to address the critical national security needed for a skilled cybersecurity workforce.

Amvia

Amvia

Amvia is a fast-growing telecoms, Internet and Microsoft service provider. We supply voice, data and cyber security services to 100s of small and large companies.

MoogleLabs

MoogleLabs

MoogleLabs leverage AI/ML, Blockchain, DevOps, and Data Science to come up with the best solutions for diverse businesses.

Trustaira

Trustaira

Trustaira is the first deep tech solution and service company in Bangladesh.

BCX

BCX

BCX, a subsidiary within Telkom Group, is one of Africa’s largest systems integrator and digital transformation partners for enterprises and public sector organisations.

Monokee

Monokee

Monokee offers a solution that seamlessly integrates powerful Identity and Access Management (IAM) capabilities with a low/no code identity orchestrator.