Four Key Cybersecurity Trends For Industrial Companies

Uploaded on 2023-10-20 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Transport & Travel, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing, BUSINESS-Production-Energy

For industrial companies, it has become a near-certainty that cyberattacks will disrupt their operations in the coming year. According to Trend Micro, this was the case for 89% of companies in the electricity, oil & gas, and manufacturing sectors in the past twelve months.

Due to several factors ranging from geopolitical tensions to cybersecurity skills shortages, these attacks have become more frequent but also more costly and severe. On cybersecurity awareness month, here are four key trends to monitor.

The Impact Of Ransomware On Industrial Company Operations

Ransomware attacks have become a fact of life for companies of any size: 2 out of 3 companies above $50 million in revenue reported being hit by a ransomware attack in the past year. Attacks against industrial firms, in particular, increased by 87% between 2021 and 2022.

While manufacturing firms represent the larger share of ransomware attacks against industrial companies, no sector is immune. In 2022, energy, oil, and gas organizations experienced 50 ransomware incidents, including Energy One in the UK and DESFA in Greece. Pharmaceutical companies, transportation entities, and utilities - like South Staffordshire Water in the UK and Águas e Energia do Porto in Portugal - also frequently fall victim.

Manufacturing, energy or transportation firms are often targeted due to the varied systems and equipment they use, offering hackers many potential entry points and greater opportunities to find vulnerabilities.In addition, the cost of halting operations at a major factory, airport, or power plant can be so high that their owners are more likely to agree to pay a hefty ransom.

For example, in April 2022, a ransomware attack against Clestra Hauserman, a French construction company, paralyzed operations for nearly three months, eventually forcing the company to seek receivership.

Sophisticated Attacks Prey On OT Vulnerabilities

To maximize their chances of success, hackers are using increasingly sophisticated attacks that take advantage of vulnerabilities that are specific to industrial companies. For example, the malware toolkit Pipedream, publicly identified in 2022, has been specifically designed to attack industrial control systems (ICS).

Overall, such attacks specifically devised to target operational technologies - used to operate a facility’s physical processes and industrial operations - have increased by more than 30% over the past twelve months.

But even less sophisticated attacks can disrupt operations, taking advantage of a common trend among industrial companies: the convergence between Operational technology (OT) and IT. In the past years, industrial companies have increasingly connected their industrial machinery and processes to the rest of their IT systems, to allow for greater efficiency and automation. But this greater interconnection has also allowed for more devastating cyberattacks originating on the IT side.

These cyberattacks can prey on laxer cybersecurity practices on the operational side, such as poor network segmentation or low visibility over inventory or patches. For example, half of the European companies in energy and utilities say that they have little to no visibility over the patching of their assets, and one out of ten believe that they would need more than six months to patch a critical vulnerability.

Cyber Attacks Target Critical Nodes In The Supply Chain

Risks of cyberattacks are not limited to a company's own systems. For major industrial firms, vulnerabilities can be found among suppliers and critical supply chain nodes, such as ports, airports or shipping companies. In July 2023, Toyota had to interrupt its packaging line after a ransomware attack struck the port of Nagoya, its primary shipping hub. A year before, another cyberattack on one of its suppliers had led it to halt production in all of its Japanese factories.

The choice of such targets is deliberate, and ports are particularly vulnerable, as Larry O'Brien of ARC Advisory Group notes: "Numerous cybersecurity vulnerabilities exist in the maritime transportation system when it comes to Operational Technology (OT) level technologies, products, and systems. A huge range of connected assets now exists, from cargo movement systems found in cranes to intelligent pumps, positioning, navigation and timing systems (PNT), and vessels. These new connected solutions are not always installed with cybersecurity in mind, and many ports and facilities do not have sufficient personnel to manage cybersecurity."

The physical components of the supply chain are not the only ones at risk. In the past twelve months, two of the most devastating cyberattacks - GoAnywhere and MoveIt - targeted managed file-transfer software, commonly used to exchange data with partners, suppliers, and customers securely. In both cases, hackers gained access to a vast number of clients, encompassing government bodies and major corporations, such as the BBC, British Airways, and the US Department of Energy.

How Skills Shortages Can Lead To Vulnerabilities & Poor Inventory Practices

Ports are hardly alone in grappling with the persistent challenge of staffing their cybersecurity teams in the face of escalating threats.According to a recent Enterprise Strategy Group (ESG) report, a staggering 71% of companies reported facing skills shortages in this area. Moreover, two-thirds of cybersecurity professionals indicated their roles had become more challenging over the past two years.

A primary concern, cited by 59% of respondents, was the expanding attack surface of their companies, influenced by factors ranging from the Internet of Things (IoT) to the rise of remote work. 43% also cited budgetary constraints and the complexity of regulatory compliance. The repercussions of thinly spread and underfunded cybersecurity teams are palpable. In February 2023, cybercriminals exploited thousands of VMware ESXi servers, capitalizing on a vulnerability known for almost two years.

The fact that hackers can still leverage two-year-old vulnerabilities at a large scale shows that industrial companies need better inventory, vulnerability management programs and auditing practices.

Having a full, well-maintained inventory of all OT and IT assets and endpoints is key to understanding the potential attack surfaces, identifying vulnerabilities, and developing effective incident response and recovery. With the skills gap projected to persist into 2024 and beyond, having such a comprehensive inventory can lay the groundwork for automating more cybersecurity tasks. For instance, they might serve to cross-check existing devices and software against databases of known vulnerabilities, like the NIST-NVD from the National Institute of Standards and Technology and determine the number of vulnerabilities in their operating facilities and have a perception of the equipment at risk.

Adopting such strategies may become indispensable. In a climate of economic unpredictability, 51% of large enterprises anticipate either a reduction or a freeze in their cybersecurity budgets in the next twelve months. For industrial companies, fighting cyberattacks in ever greater numbers with less money and resources might be the defining challenge of 2024.

Edgardo Moreno is Executive Industry Consultant at Hexagon Image: Simon Boxus

You Might Also Read:

How To Check Out Suppliers Before You Commit:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.