Four Key Cybersecurity Trends For Industrial Companies

Uploaded on 2023-10-20 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Transport & Travel, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing, BUSINESS-Production-Energy

For industrial companies, it has become a near-certainty that cyberattacks will disrupt their operations in the coming year. According to Trend Micro, this was the case for 89% of companies in the electricity, oil & gas, and manufacturing sectors in the past twelve months.

Due to several factors ranging from geopolitical tensions to cybersecurity skills shortages, these attacks have become more frequent but also more costly and severe. On cybersecurity awareness month, here are four key trends to monitor.

The Impact Of Ransomware On Industrial Company Operations

Ransomware attacks have become a fact of life for companies of any size: 2 out of 3 companies above $50 million in revenue reported being hit by a ransomware attack in the past year. Attacks against industrial firms, in particular, increased by 87% between 2021 and 2022.

While manufacturing firms represent the larger share of ransomware attacks against industrial companies, no sector is immune. In 2022, energy, oil, and gas organizations experienced 50 ransomware incidents, including Energy One in the UK and DESFA in Greece. Pharmaceutical companies, transportation entities, and utilities  - like South Staffordshire Water in the UK and Águas e Energia do Porto in Portugal - also frequently fall victim.

Manufacturing, energy or transportation firms are often targeted due to the varied systems and equipment they use, offering hackers many potential entry points and greater opportunities to find vulnerabilities.In addition, the cost of halting operations at a major factory, airport, or power plant can be so high that their owners are more likely to agree to pay a hefty ransom.

For example, in April 2022, a ransomware attack against Clestra Hauserman, a French construction company, paralyzed operations for nearly three months, eventually forcing the company to seek receivership.

Sophisticated Attacks Prey On OT Vulnerabilities

To maximize their chances of success, hackers are using increasingly sophisticated attacks that take advantage of vulnerabilities that are specific to industrial companies. For example, the malware toolkit Pipedream, publicly identified in 2022, has been specifically designed to attack industrial control systems (ICS).

Overall, such attacks specifically devised to target operational technologies - used to operate a facility’s physical processes and industrial operations - have increased by more than 30% over the past twelve months.

But even less sophisticated attacks can disrupt operations, taking advantage of a common trend among industrial companies: the convergence between Operational technology (OT) and IT. In the past years, industrial companies have increasingly connected their industrial machinery and processes to the rest of their IT systems, to allow for greater efficiency and automation. But this greater interconnection has also allowed for more devastating cyberattacks originating on the IT side.

These cyberattacks can prey on laxer cybersecurity practices on the operational side, such as poor network segmentation or low visibility over inventory or patches. For example, half of the European companies in energy and utilities say that they have little to no visibility over the patching of their assets, and one out of ten believe that they would need more than six months to patch a critical vulnerability.  

Cyber Attacks Target Critical Nodes In The Supply Chain

Risks of cyberattacks are not limited to a company's own systems. For major industrial firms, vulnerabilities can be found among suppliers and critical supply chain nodes, such as ports, airports or shipping companies. In July 2023, Toyota had to interrupt its packaging line after a ransomware attack struck the port of Nagoya, its primary shipping hub. A year before, another cyberattack on one of its suppliers had led it to halt production in all of its Japanese factories.

The choice of such targets is deliberate, and ports are particularly vulnerable, as Larry O'Brien of ARC Advisory Group notes: "Numerous cybersecurity vulnerabilities exist in the maritime transportation system when it comes to Operational Technology (OT) level technologies, products, and systems. A huge range of connected assets now exists, from cargo movement systems found in cranes to intelligent pumps, positioning, navigation and timing systems (PNT), and vessels. These new connected solutions are not always installed with cybersecurity in mind, and many ports and facilities do not have sufficient personnel to manage cybersecurity."

The physical components of the supply chain are not the only ones at risk. In the past twelve months, two of the most devastating cyberattacks - GoAnywhere and MoveIt - targeted managed file-transfer software, commonly used to exchange data with partners, suppliers, and customers securely. In both cases, hackers gained access to a vast number of clients, encompassing government bodies and major corporations, such as the BBC, British Airways, and the US Department of Energy.

How Skills Shortages Can Lead To Vulnerabilities & Poor Inventory Practices

Ports are hardly alone in grappling with the persistent challenge of staffing their cybersecurity teams in the face of escalating threats.According to a recent Enterprise Strategy Group (ESG) report, a staggering 71% of companies reported facing skills shortages in this area. Moreover, two-thirds of cybersecurity professionals indicated their roles had become more challenging over the past two years.

A primary concern, cited by 59% of respondents, was the expanding attack surface of their companies, influenced by factors ranging from the Internet of Things (IoT) to the rise of remote work. 43% also cited budgetary constraints and the complexity of regulatory compliance.  The repercussions of thinly spread and underfunded cybersecurity teams are palpable. In February 2023, cybercriminals exploited thousands of VMware ESXi servers, capitalizing on a vulnerability known for almost two years.

The fact that hackers can still leverage two-year-old vulnerabilities at a large scale shows that industrial companies need better inventory, vulnerability management programs and auditing practices.

Having a full, well-maintained inventory of all OT and IT assets and endpoints is key to understanding the potential attack surfaces, identifying vulnerabilities, and developing effective incident response and recovery. With the skills gap projected to persist into 2024 and beyond, having such a comprehensive inventory can lay the groundwork for automating more cybersecurity tasks. For instance, they might serve to cross-check existing devices and software against databases of known vulnerabilities, like the NIST-NVD from the National Institute of Standards and Technology and determine the number of vulnerabilities in their operating facilities and have a perception of the equipment at risk.

Adopting such strategies may become indispensable. In a climate of economic unpredictability, 51% of large enterprises anticipate either a reduction or a freeze in their cybersecurity budgets in the next twelve months. For industrial companies, fighting cyberattacks in ever greater numbers with less money and resources might be the defining challenge of 2024.

Edgardo Moreno is Executive Industry Consultant at Hexagon                          Image: Simon Boxus

You Might Also Read: 

How To Check Out Suppliers Before You Commit:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The AI Dilemma: Regulate, Monopolize, Or Liberate
Revealed: CIA Using TwitterX To Recruit Spies »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CERT-In

CERT-In

CERT-In is a functional organisation of the Ministry of Information & Electronics Technology, Government of India, with the objective of securing Indian cyber space.

Security Research Labs (SRLabs)

Security Research Labs (SRLabs)

Security Research Labs is a Berlin-based hacking research collective and consulting think tank.

Hyve

Hyve

Hyve provide a wide range of managed web hosting services including private, hybrid and public VMware cloud hosting.

Indium Software

Indium Software

Indium Software is an Independent Software Testing Company offering software testing services (including security testing) and offshore Quality Assurance solutions.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Cyan Securiy Group

Cyan Securiy Group

Cyan provide best-in-class cyber security solutions for mobile Internet and mobile devices that are extremely effective and highly intuitive in their use.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

TalaTek

TalaTek

TalaTek is a full-service risk management firm providing expert services in risk management, cybersecurity, and compliance.

Voodoo Security

Voodoo Security

Voodoo Security is a specialized information security consulting firm focused on security assessments, risk and compliance analysis, and cloud security.

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

HMS Networks

HMS Networks

HMS stands for Hardware meets Software. Our technology enables industrial hardware to communicate and share information with software and systems.

Digital Pathways

Digital Pathways

Digital Pathways is an award-winning data security provider that helps businesses protect their digital assets.

mxHERO

mxHERO

mxHERO reduces the risks inherent with ransom and cyber-security threats specific to email.

Battery Ventures

Battery Ventures

Battery partners with talented founders and teams building category-defining businesses at all stages of growth.

Spirit Technology Solutions

Spirit Technology Solutions

Spirit Technology Solutions is a modern workplace services provider committed to delivering solutions that embody our core principles of security, sustainability, and scalability.