Cybersecurity Ventures' 2019 Official Annual Cybercrime Report, sponsored by the Herjavec Group, predicts cybercrime will cost the world more than $6 trillion annually by 2021, up from $3 trillion in 2015.
We found it particularly interesting that this year's report names the manufacturing sector as the second most vulnerable and targeted industry for cyber attacks, after healthcare. According to Herjavec Group CEO Robert Herjavec, 28 percent of manufacturing organizations reported a loss of revenue last year due to cyber attacks.
The findings in this report should be a wake-up call across the industrial world. Manufacturing-targeted attacks are rapidly growing and need to be addressed as part of each organization's overall security strategy.
In this post we'll take a deeper look at why this is happening, attack ramifications, and steps industrial organizations can take to protect against OT network-targeted attacks.
Growing Attack Surface
The notable growth in cyber attacks against the manufacturing sector can be attributed mainly to the convergence of OT and IT networks, coupled with growing awareness in the hacking community of how easy these systems are to hack. Only a few years ago, conventional wisdom claimed that industrial networks were impenetrable. ICS and SCADA networks were air-gapped from the outside world, which meant that there were limited ways for cyber threats to infiltrate.
This is no longer the case. As manufacturing industries such as food & beverage, automotive, and pharmaceuticals adopt new digital technologies, they are becoming prime targets for cyber attacks. Manufacturers have adopted new connected technologies, like IIoT (Industrial IoT), to enable predictive maintenance and improve manufacturing efficiency. But at the same time, these technologies are increasing the exposure of manufacturers' ICS networks to cyber attacks. This is confirmed by Vectra's 2018 report, which found that the monthly volume of attacker detections per 10,000 host devices in manufacturing shows substantially more malicious internal behaviors than in other industries.
Moreover, today's sophisticated attacks are often designed to traverse from the IT network to the OT network. Such an attack may begin with a phishing email to an unsuspecting employee to penetrate the IT network and then, once inside, collect the intelligence (user credentials, etc.) it needs to cross over into the OT network.
From Lost Data to Lost Lives
Cyber attacks on manufacturing companies extend beyond typical cybercrime – i.e., IT data breaches, financial hacks, ransomware, etc. – and seek to penetrate the critical ICS systems on the production floor. Modern discrete and process manufacturers depend heavily on automation and digitalization to ensure high efficiency and minimal down time, while meeting stringent engineering and safety standards. These processes are governed by industrial controllers (e.g., PLCs, RTUs) which – if compromised – could lead to potentially catastrophic consequences.
Consider the implications of an attack on the ICS systems used to manufacture food, chemicals, medicine, or airbags. Even the smallest defect in the production process could have life-threatening results. Thus, from a public safety/health standpoint, the manufacturing sector is no less critical than power and water plants. Not only that, all of these factories and critical infrastructure facilities use the same controllers and face the same vulnerabilities.
Lack of Coherent OT Cybersecurity Strategy
ICS networks were designed decades ago without security in mind. Due to their lack of basic security controls such as authentication and encryption, it's virtually impossible to detect unauthorized access or inadvertent changes to ICS devices. Once the network is breached, an attacker or insider gains unfettered access to all the controllers and can alter their configuration, logic and state to cause disruptions.
On the positive side, security professionals are becoming more aware of the need for OT-specific cybersecurity. However, there still seems to be a "disconnect" between this growing awareness and the number of manufacturing organizations that have implemented effective defense strategies.
What's worse, in a recent Cisco survey 40% of manufacturing respondents indicated that they don't have a formal strategy for OT cybersecurity. This general lack of investment in cybersecurity, combined with a growing reliance on connected technologies, does not bode well for this massive industry sector.
Recycling of Attacks
As mentioned in my colleague's blog post, the lack of an actionable security strategy and OT-oriented cybersecurity tools has led to a recycling of attacks. Triton, Shamoon and LockerGoga are well-known examples of devastating OT-specific cyber attacks that have hit and then reappeared multiple times over a period of years.
This recycling phenomenon is less common on the IT side, where a single patch implemented in a timely manner can close a vulnerability and prevent further attacks from being repeated. The fact that this doesn't happen on the OT side is due both to insufficient security awareness across the industrial space and to the common inability to shut down these critical systems to perform patch maintenance. Manufacturers still haven't internalized the message that they need to protect their OT network as much as, if not more than, their IT network. This has never been more relevant given the potentially devastating impact of ICS-specific cyber attacks.
More Insider Threats than Ever
Unfortunately, having a security system to detect external attacks is not enough. It turns out that people are the weakest link in the security chain. According to Herjavec, manufacturing executives indicate that four of the top ten cyberthreats facing their organizations are directly attributable to internal employees. This includes disgruntled employees as well as inadvertent mistakes made by trusted engineers, contractors and integrators. Whether it is a change made to the wrong PLC or incomplete maintenance on DCS systems, these errors can trigger serious operational disruptions.
The report states that more than 90 percent of successful hacks and data breaches stem from phishing emails. This could be remedied by training employees in how to recognize and avoid cyber attacks. To do so, organizations need to invest in security education, which is currently the most underspent sector of the cybersecurity industry.
It's Time to Protect ICS Networks from Cyber Threats
Indegy's key takeaway from the 2019 Official Annual Cybercrime Report is that OT-specific cyber attacks on the manufacturing sector are a clear and present danger.
To address these threats, manufacturing companies require better visibility and control of their OT networks and critical processes. IT and OT managers need to be alerted immediately to any change in the OT network, including detailed and meaningful information regarding who, what, where and how the change was made. Contextual information can help security teams quickly pinpoint the root cause, enabling fast mitigation and minimal manufacturing disruptions.
As the attack surface continues to grow, industrial and critical infrastructure organizations are reaching an inflection point with respect to cyber threats. Awareness is no longer enough; it's time to take action before they are hit by the inevitable attack.