Four Key Cybersecurity Trends For Industrial Companies

For industrial companies, it has become a near-certainty that cyberattacks will disrupt their operations in the coming year. According to Trend Micro, this was the case for 89% of companies in the electricity, oil & gas, and manufacturing sectors in the past twelve months.

Due to several factors ranging from geopolitical tensions to cybersecurity skills shortages, these attacks have become more frequent but also more costly and severe. On cybersecurity awareness month, here are four key trends to monitor.

The Impact Of Ransomware On Industrial Company Operations

Ransomware attacks have become a fact of life for companies of any size: 2 out of 3 companies above $50 million in revenue reported being hit by a ransomware attack in the past year. Attacks against industrial firms, in particular, increased by 87% between 2021 and 2022.

While manufacturing firms represent the larger share of ransomware attacks against industrial companies, no sector is immune. In 2022, energy, oil, and gas organizations experienced 50 ransomware incidents, including Energy One in the UK and DESFA in Greece. Pharmaceutical companies, transportation entities, and utilities  - like South Staffordshire Water in the UK and Águas e Energia do Porto in Portugal - also frequently fall victim.

Manufacturing, energy or transportation firms are often targeted due to the varied systems and equipment they use, offering hackers many potential entry points and greater opportunities to find vulnerabilities.In addition, the cost of halting operations at a major factory, airport, or power plant can be so high that their owners are more likely to agree to pay a hefty ransom.

For example, in April 2022, a ransomware attack against Clestra Hauserman, a French construction company, paralyzed operations for nearly three months, eventually forcing the company to seek receivership.

Sophisticated Attacks Prey On OT Vulnerabilities

To maximize their chances of success, hackers are using increasingly sophisticated attacks that take advantage of vulnerabilities that are specific to industrial companies. For example, the malware toolkit Pipedream, publicly identified in 2022, has been specifically designed to attack industrial control systems (ICS).

Overall, such attacks specifically devised to target operational technologies - used to operate a facility’s physical processes and industrial operations - have increased by more than 30% over the past twelve months.

But even less sophisticated attacks can disrupt operations, taking advantage of a common trend among industrial companies: the convergence between Operational technology (OT) and IT. In the past years, industrial companies have increasingly connected their industrial machinery and processes to the rest of their IT systems, to allow for greater efficiency and automation. But this greater interconnection has also allowed for more devastating cyberattacks originating on the IT side.

These cyberattacks can prey on laxer cybersecurity practices on the operational side, such as poor network segmentation or low visibility over inventory or patches. For example, half of the European companies in energy and utilities say that they have little to no visibility over the patching of their assets, and one out of ten believe that they would need more than six months to patch a critical vulnerability.  

Cyber Attacks Target Critical Nodes In The Supply Chain

Risks of cyberattacks are not limited to a company's own systems. For major industrial firms, vulnerabilities can be found among suppliers and critical supply chain nodes, such as ports, airports or shipping companies. In July 2023, Toyota had to interrupt its packaging line after a ransomware attack struck the port of Nagoya, its primary shipping hub. A year before, another cyberattack on one of its suppliers had led it to halt production in all of its Japanese factories.

The choice of such targets is deliberate, and ports are particularly vulnerable, as Larry O'Brien of ARC Advisory Group notes: "Numerous cybersecurity vulnerabilities exist in the maritime transportation system when it comes to Operational Technology (OT) level technologies, products, and systems. A huge range of connected assets now exists, from cargo movement systems found in cranes to intelligent pumps, positioning, navigation and timing systems (PNT), and vessels. These new connected solutions are not always installed with cybersecurity in mind, and many ports and facilities do not have sufficient personnel to manage cybersecurity."

The physical components of the supply chain are not the only ones at risk. In the past twelve months, two of the most devastating cyberattacks - GoAnywhere and MoveIt - targeted managed file-transfer software, commonly used to exchange data with partners, suppliers, and customers securely. In both cases, hackers gained access to a vast number of clients, encompassing government bodies and major corporations, such as the BBC, British Airways, and the US Department of Energy.

How Skills Shortages Can Lead To Vulnerabilities & Poor Inventory Practices

Ports are hardly alone in grappling with the persistent challenge of staffing their cybersecurity teams in the face of escalating threats.According to a recent Enterprise Strategy Group (ESG) report, a staggering 71% of companies reported facing skills shortages in this area. Moreover, two-thirds of cybersecurity professionals indicated their roles had become more challenging over the past two years.

A primary concern, cited by 59% of respondents, was the expanding attack surface of their companies, influenced by factors ranging from the Internet of Things (IoT) to the rise of remote work. 43% also cited budgetary constraints and the complexity of regulatory compliance.  The repercussions of thinly spread and underfunded cybersecurity teams are palpable. In February 2023, cybercriminals exploited thousands of VMware ESXi servers, capitalizing on a vulnerability known for almost two years.

The fact that hackers can still leverage two-year-old vulnerabilities at a large scale shows that industrial companies need better inventory, vulnerability management programs and auditing practices.

Having a full, well-maintained inventory of all OT and IT assets and endpoints is key to understanding the potential attack surfaces, identifying vulnerabilities, and developing effective incident response and recovery. With the skills gap projected to persist into 2024 and beyond, having such a comprehensive inventory can lay the groundwork for automating more cybersecurity tasks. For instance, they might serve to cross-check existing devices and software against databases of known vulnerabilities, like the NIST-NVD from the National Institute of Standards and Technology and determine the number of vulnerabilities in their operating facilities and have a perception of the equipment at risk.

Adopting such strategies may become indispensable. In a climate of economic unpredictability, 51% of large enterprises anticipate either a reduction or a freeze in their cybersecurity budgets in the next twelve months. For industrial companies, fighting cyberattacks in ever greater numbers with less money and resources might be the defining challenge of 2024.

Edgardo Moreno is Executive Industry Consultant at Hexagon                          Image: Simon Boxus

You Might Also Read: 

How To Check Out Suppliers Before You Commit:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The AI Dilemma: Regulate, Monopolize, Or Liberate
Revealed: CIA Using TwitterX To Recruit Spies »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

Source Defense

Source Defense

Source Defense provides websites with the first ever prevention technology for attacks of third-party origin.

Private Internet Access

Private Internet Access

Private Internet Access is a Virtual Private Network services provider offering secure encrypted access to the internet.

Verafin

Verafin

Verafin is one of the North American leaders in fraud detection and AML software.

Havoc Shield

Havoc Shield

Havoc Shield is an all-in-one information security platform that includes everything a growing team needs to secure their remote workforce.

Sontiq

Sontiq

Sontiq is committed to providing best-in-class, highly scalable, award-winning identity security solutions to consumers, businesses and government agencies.

Clear Skye

Clear Skye

Clear Skye, an Identity Access and Management (IAM) software company, reimagines enterprise identity access and risk management software to make a complicated problem easier to manage.

Tabidus Technology

Tabidus Technology

Tabidus Technology is a cybersecurity association that unites and provides the global protection options against cyber threats.

Panther Labs

Panther Labs

Panther’s mission is to make security monitoring fast, flexible and scalable for all security teams.

Votiro

Votiro

Votiro is an award-winning cybersecurity company that specializes in file sanitization, ensuring every organization is safe from zero-day and undisclosed attacks.

Quzara

Quzara

Quzara provides trusted advisory services and highly adaptive cybersecurity services to federal, commercial and Defense Industrial Base customers to meet their security compliance and cyber needs.

Cyberani Solutions

Cyberani Solutions

Cyberani Solutions was created to fulfill the cybersecurity needs of industry and government in Saudi Arabia, and across the Middle East and North Africa regions.

CAT Labs

CAT Labs

CAT Labs is building digital asset recovery and cybersecurity tools to enable governments to fight crypto crime and to protect investors from hacks, fraud and scams.

Mindcore Technologies

Mindcore Technologies

Mindcore provide cyber security services, managed IT services and IT consulting services to businesses in NJ, FL, and throughout the United States.

Getvisibility

Getvisibility

Getvisibility enables customers to detect, classify and protect sensitive information increasing data security, governance, compliance and lowering the risk of losing valuable data.

DataProof Communications

DataProof Communications

DataProof Communications is Cybersecurity Company specialising in cybersecurity operations, incident management and response best practices and technologies.

NST Cyber

NST Cyber

NST Cyber provides comprehensive Threat Exposure Management to Global banks and Forbes 2000 companies.