At this point, we are essentially surrounded by cybercrime. The more we rely on connected devices, the more vulnerable we become to some form of attack. This is true almost entirely across the board no matter which sector, type of entity, size, location, etc. While an intimidating notion, it is a sign of the technical era in which we are in. The threat landscape has rapidly expanded and become easier for both sophisticated and basic-level hackers to take advantage of. However, the cybersecurity field to protect against such intrusions is also evolving. As it does, a major focus will be on playing the long game with OT cybersecurity. In this post, we break down the statistics, risks and efforts driving this prolonged initiative.
In order to properly address protecting vulnerable systems such as OT networks, it is important to first understand the environment that we exist in. Safeatlast pulled a number of statistics that help to illustrate it. According to its post, “a hacker attack takes place worldwide every 39 seconds.” This ranges from individuals to large-scale companies. In fact, it was estimated that two out of three companies across the globe experienced a cyberattack in the past year. For example, there were reportedly 1.51 billion IoT device breaches that occurred within the first half of 2021. Numbers like this have led to the $262.4 billion spent on cybersecurity in 2021, which is expected to significantly increase by 2025. One of the most alarming stats, though, is that it can take an average of 228 days for an organization to even realize that it has been compromised.
Risks Impacting Manufacturing and Critical Infrastructure
As we look to combat the state of attacks we face, an increasingly crucial element to the strategy is prioritizing manufacturing and critical infrastructure. During a Fast Company and IBM sponsored panel titled “Privacy Anywhere, Security Everywhere,” Mary O’Brien, general manager of security at IBM, explained, “For the first time in my tenure, manufacturing was the most targeted industry in 2021.” Although entitles like financial institutions have and will likely always be a prime target for cybercriminals, manufacturing has moved up in rank as we were forced to realize our heavy dependence on it, especially during the pandemic. That need translated into a particular opportunity for money, which heightened the risk of ransomware incidents and other breaches.
Another significant sector witnessing an expansion in cyber risk is critical infrastructure. A string of attacks from the one attempted on the water supply system in Oldsmar, Florida to the one executed on the Colonial Pipeline have made this trend evident. This threat is also becoming more pertinent with the potential cyber repercussions that can come out of the war between Russia and Ukraine. One field feeling the pressure to guard against this unfolding problem is energy. Political and security leaders have warned the industry about the “domino effect” an attack on its operations can have, according to a Wall Street Journal article.
Protecting Industrial Control Systems and Operational Technology
Considering such concerns, the sense of urgency around developing updated ways to protect industrial control systems (ICS) and operations technology (OT) have emerged since these are part of the foundation for manufacturing and critical infrastructure networks. The Cybersecurity and Infrastructure Security Agency (CISA) recently announced that it is growing its Joint Cyber Defense Collaborative (JCDC) program. The JCDC will now include ICS experts in its efforts. Among these experts are security vendors, integrators and distributors, as described in a release put out by the CISA. “I’m excited to leverage our evolving JCDC platform to enable us to plan, exercise, and collaborate with industry leaders to drive down risk to the systems and networks we depend on so greatly as a nation,” stated CISA Director Jen Easterly.
The CISA isn’t the only organization seeking to bring together knowledge from both the public and private sectors. A new industry group known as the Operational Technology Cybersecurity Coalition is also on a mission to enhance collaboration. As described in a post for The Daily Swig, the group “aims to coordinate efforts [to] improve industrial control system security in an effort geared towards bolstering the resilience of critical infrastructure components.” In building relationships among its members and the government, a central purpose behind the coalition is information sharing. In turn, the goal is to establish a strengthened base that can withstand the many threats that we have covered here, including those that stem from international issues. It is together that we are more likely to win both the short and long game in OT security.
- “Terrifying Cybercrime Statistics – Protect Yourself in 2022” – Safeatlast
- “How COVID and Web3 have changed cybersecurity” – Fast Company
- “Preparing for Energy Industry Cyberattacks” – David Berg, Wall Street Journal
- “CISA Expands The Joint Cyber Defense Collaborative To Include Industrial Control Systems Industry Expertise” – Cybersecurity & Infrastructure Security Agency
- “OT security coalition aims to bolster industrial cybersecurity” – Stephen Pritchard, The Daily Swig
Learn about the ultimate solution to protect infrastructure networks, Net-Optix.