There are many basic steps that an organization can take to help improve its OT (operational technology) cybersecurity posture. However, sometimes even simple proactive steps, such as getting a vulnerability assessment, can be met with a lot of hesitation.

Sadly, some stakeholders still severely downplay the importance of cybersecurity. There are still those who believe the problem doesn’t apply to them since nothing has happened to them yet. These same people typically say that it’s better to just deal with cybersecurity once it becomes a problem. This is a very reactive stance that waits for trouble and will most likely end up costing much more in the long term. Considering that “business interrupted” cyberattacks have increased 50% year over year[1] and the average total cost of a data breach in 2022 was $4.24 million[2], getting a vulnerability assessment is one of the smartest steps a business can take to reduce risk.

Recently, especially since the pandemic, the world has experienced a significant increase in cyberattacks across multiple industrial sectors, leading to downtime and impacting business operations for organizations worldwide. In the first half of 2021, 33.8% of industrial control systems (ICS) were attacked[3].

The pace of digital transformation is accelerating at an astounding rate, which is magnifying the OT cybersecurity problem. Air gaps that once separated OT from IT are disappearing due to the need for integrated infrastructures and solutions, not to mention the introduction of Industrial Internet-of-Things (IIoT) devices. With these changes, and as industrial IoT comes online, securing OT environments and IoT devices is becoming more and more critical. It is also extremely important that businesses pay close attention to remote access: how it’s being used, who has access to it, when it’s being used, and what could happen if that access falls into the wrong hands.

“Given the importance of critical infrastructure to national security and America’s way of life, accessible OT assets are an attractive target for malicious cyber actors” says CISA (the U.S. government’s Cybersecurity and Infrastructure Security Agency). In 2021, the FBI, CISA, the EPA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a warning after threat actors gained unauthorized access to a SCADA system at a drinking water treatment plant in Florida and allegedly attempted to poison the water supply[4].

There are some hacktivists who feel the only way to convince people of the importance of OT cybersecurity is to draw attention by hacking industrial systems. Their goal is not to cause harm, but to scare people enough to get their heads out of the sand so they can begin to comprehend the magnitude of what could go wrong. One example was the case of GhostSec in July 2022, which claimed to have caused an incident at a power plant in Russia. The hacktivist group then claimed the attack was ‘executed with 0 casualties in the actual explosion due to our proper timing while performing our attacks.’[5]

David Krivobokov, security researcher at Otorio, commented, “The fact that operational, ICS systems are connected directly to the internet without any proper security measures, really lowers the bar to these kinds of threats, which makes it more effective to exploit OT infrastructure in order to scare the public rather than defacing a website”[6].

The Waterfall 2023 Threat Report shows that over the past year, there has been a 140 percent increase in the number of cyberattacks with over 150 industrial operations affected. According to company projections, if this growth rate continues, there could be up to 15,000 industrial sites shut down due to cyberattacks within the next five years. In a large fraction of ransomware attacks, IT networks are the first networks compromised. Thus, industries whose physical operations and OT automation systems are heavily dependent on IT systems are more likely to suffer physical consequences when ransomware enters their IT networks[7]. In 2022, the total amount of money received by ransomware actors amounted to 457 million U.S. dollars[8].

OT cyberattacks tend to have more destructive effects than those in IT since they can have physical consequences (e.g., shutdowns, outages, leakages, explosions, chemical imbalances, etc.). Strengthening OT cybersecurity can be challenging since it presents barriers in multiple areas, including technical expertise, knowledge of legacy and remote solutions, and clarifying role responsibilities between IT and OT, along with a shortage of trained OT cybersecurity professionals. If your business is looking for a partner who understands OT cybersecurity, talk to Red Trident today.

[1] https://blog.checkpoint.com/2022/01/10/check-point-research-cyber-attacks-increased-50-year-over-year/
[2] https://www.capita.com/sites/g/files/nginej291/files/2020-08/Ponemon-Global-Cost-of-Data-Breach-Study-2020.pdf
[3] https://www.cloudwards.net/cyber-security-statistics/
[4] U.S. Gov Warning on Water Supply Hack: Get Rid of Windows 7 – SecurityWeek
[5] Mandiant reveals hacktivists increasingly targeting OT systems, raising likelihood of actual and even substantial OT incidents – Industrial Cyber
[6] Hacktivist Attacks Show Ease of Hacking Industrial Control Systems – SecurityWeek
[7] Waterfall 2023 Threat Report detects OT cyberattacks with physical consequences increasing exponentially – Industrial Cyber
[8] Annual ransomware payments global 2022 | Statista