With the prolonged conflict between Russia and Ukraine, cyberattacks remain a prominent concern for many experts. [redacted] CTO Matt Georgy even wrote an article for Forbes discussing this topic as a cyber version of the Cold War. Among the areas most at risk is the industrial sector. Although there have been responses, including the “Shields Up” advisory issued by the FBI and CISA specifically centered around industrial companies, these operations are still significantly underprepared to handle such threats. Let’s break down this issue.
Industrial Sector Vulnerabilities
As Vicki Knott, CEO of CruxOCM, stated to World Pipelines, “Heavy industry is at its most vulnerable state.” In fact, IBM ranked manufacturing as the second-most targeted industry by cyber criminals. And this is a costly problem to have. IBM also summarizes that the average breach costs can reach up to $5.4 million, which goes back to a major misstep among critical infrastructure organizations – not adopting preventative measures like zero-trust policies. Of those surveyed, only 21% of operators implemented a zero-trust security model.
But it isn’t just zero-trust that the sector is falling behind on. Operators are reportedly failing to invest proper resources into gaining visibility into their IT and operational technology (OT) systems as well. This can be very detrimental considering that cybercriminals can be sneaking around in a system for months before ever detected and are constantly expanding their capabilities. For instance, cyber company Dragos and the National Security Agency tracked an attack framework created by Chernovite, Pipedream, that could be used to compromise multiple sites in both IT and OT networks.
Enhancing Industrial Cybersecurity Preparedness
So, how can we get the industrial sector out of this problematic trend? It basically comes down to ditching the reactive approach for a proactive strategy. There are broader initiatives attempting to help this process along such as a cyber-kinetic testing lab launched in Israel that plans to host a space for trying out cybersecurity solutions. But in order to achieve this, it is also crucial that individual efforts are made to ensure that time and funding are put into steps such as building an incident response plan and team. As a piece for Verdict suggests, it is also important that manufacturers and other industrial organizations partner with cybersecurity specialists equipped with the knowledge and tools that streamline tasks like visibility.
At Veracity Industrial Networks, it is our mission to serve as a reliable partner in this cybersecurity journey. Make sure to tour our website for more information on our services.
Sources:
- “Why A Second Cold War Will Likely Be Fought In Cyberspace” – Matt Georgy, Forbes
https://www.forbes.com/sites/forbestechcouncil/2022/07/19/why-a-second-cold-war-will-likely-be-fought-in-cyberspace/?sh=762119becd28 - “What have we learned about cyberattacks?” – Sara Simper, World Pipelines
https://www.worldpipelines.com/equipment-and-safety/28072022/what-have-we-learned-about-cyberattacks/ - “Manufacturers need to better prepare for imminent cyber attacks” – Verdict
https://www.verdict.co.uk/manufacturers-cybersecurity-needs/ - “IBM Report Reveals Top Data Breach Trends As Costs Hit All-Time High” – Total Security Advisor
https://totalsecurityadvisor.blr.com/cybersecurity/ibm-report-reveals-top-data-breach-trends-as-costs-hit-all-time-high/ - “Visibility and proactive stance needed to secure OT systems” – Aaron Tan, Computer Weekly
https://www.computerweekly.com/news/252523137/Visibility-and-proactive-stance-needed-to-secure-OT-systems - “Israel’s new cyber-kinetic lab will boost the resilience of critical infrastructure” – Zeljka Zorz, Help Net Security
https://www.helpnetsecurity.com/2022/07/27/cyber-lab-ics-ot/
Learn about the ultimate solution to protect infrastructure networks, Net-Optix.