As we reach the middle of 2023, OT cybersecurity threats are getting more prevalent
The manufacturing sector is fast becoming a hotbed for cyberattacks, with threat actors focusing their efforts on Operational Technology (OT) cybersecurity teams. According to the 2023 X-Force Threat Intelligence Index report by IBM, manufacturing is the most attacked industry among OT-related sectors, accounting for over half of all incidents against OT organizations in 2022.
OT cybersecurity in the news
High-profile ransomware attacks against manufacturers like Bridgestone, AGCO, and Kojima Industries continue to grab headlines. These attacks often extend beyond IT systems, impacting production operations, either due to forced shutdowns as a preventative measure or through network boundary breaches. The financial implications of these OT shutdowns frequently surpass the ransom payments themselves.
However, the severity of ransomware threats pales in comparison to direct attacks on OT systems. These attacks can manipulate industrial processes, leading to equipment damage, environmental harm, and potential human casualties. The manufacturing sector, though not as stringently regulated as other critical sectors like energy, water, and transportation, remains a prime target for cyber attackers.
Examples of such threats abound, with the June 2020 cyberattack on Honda serving as a stark reminder. This attack, carried out by software designed to target a wide range of industrial facilities’ control systems, previously used exclusively by state agents, highlighted the growing sophistication of cybercriminals and the escalating threat to OT infrastructure.
Another case in point is the LockerGoga ransomware attack against Norwegian aluminum parts manufacturer Norsk Hydro in 2019. This attack cost the company $52 million in the first quarter alone and forced the temporary halting of production. In this instance, the company was fortunate to restore operations relatively quickly, but losing control over operational systems can lead to disastrous outcomes and, as proven by us still discussing this, loss of professional reputation.
Indeed, physical damage is an unfortunate reality, as evidenced by the 2014 attack on a German steel plant. The attack compromised the plant’s control systems, preventing the regulation or shutdown of the plant’s furnace and causing significant physical damage.
The most prevalent forms of attacks against manufacturers include ransomware, phishing attacks, SQLi injection attacks, and exploitations of known vulnerabilities within SCADA and ICS hardware components. Ransomwares like LockerGoga, WannaCry, GandCrab, and BitPaymer have been particularly effective against industrial and manufacturing targets.
Reserved OT cybersecurity statistics
Worryingly, the true scale of these threats is likely to be understated due to limited compliance reporting requirements in the manufacturing sector. Without legal obligations to disclose data breaches, manufacturers may appear less frequently targeted than they actually are, which is a disturbing thought considering the statistics we “can” see.
Supply and demand
Supply chain threats also pose significant risks, especially to manufacturers with international supply chains. Business email compromise fraud, a type of man-in-the-middle attack, is a common threat. Cybercriminals can hijack company email servers or individual accounts, insert themselves into existing communication threads, and divert funds to their own accounts. The Microsoft Exchange email server vulnerabilities exploited in February 2021 and the SolarWinds software compromise in December 2020 are notable examples of high-profile supply chain attacks.
The growing complexities of IT/OT cybersecurity
As we move towards the latter half of 2023, the threat landscape is likely to become even more complex. We can anticipate more disruptive events leveraging ransomware and supply chain attacks, which could evolve into sophisticated sequenced or staged events. These could compromise the integrity of process data, resulting in even more significant damage to physical systems.
The increasing sophistication and volume of OT/IT cybersecurity threats call for heightened vigilance and enhanced protective measures. A proactive and robust approach to cybersecurity is no longer an option—it’s a necessity for the survival and success of manufacturers in this digital age.
OT security compliance standards
Ensuring compliance is a critical facet of OT cybersecurity, as it requires adherence to a host of legal and regulatory mandates, industry norms, and optimal practices. Incorporating compliance measures within OT security protocols allows organizations to sustain robust security mechanisms and simultaneously fulfill their legal commitments. This amalgamation of compliance and security not only aids in reducing risks and vulnerabilities but also cultivates confidence among customers, collaborators, and regulatory authorities. It’s important to note that compliance norms often vary regionally, reflecting localized legal nuances in operational standards and procedures.
OT cybersecurity defense
Embedding compliance within OT security is essential for organizations aiming to safeguard their crucial infrastructure, guarantee seamless business functioning, and uphold a stalwart security stance. By synchronizing compliance with cybersecurity strategies, instituting a thorough compliance plan, embracing a risk-centric method, taking a comprehensive approach, capitalizing on external expertise, and drawing upon the Purdue Model, a hierarchical framework designed for industrial control systems – providing a structured approach to segregate and protect different levels of OT systems, ranging from physical process levels to enterprise-wide networks, organizations can seamlessly blend compliance protocols with their OT security tactics. This amalgamation not only minimizes risks and vulnerabilities but also engenders trust among customers, partners, and regulators, ultimately paving the way for the organization’s sustained success.
At TrueFort, we’ve forged a strategic alliance with Armis, a frontrunner in the realm of asset visibility and security solutions. Our collaborative efforts have culminated in a unified platform that amalgamates business and asset intelligence, thereby addressing the security predicaments arising from the proliferating count of interconnected OT and IT devices and control systems and addressing the growing and evolving IT/OT cybersecurity threat landscape.
