Cyber Security

Colonial Pipeline Ransomware

One of the USA’s largest pipelines was recently attacked by ransomware. It is, frankly, one of many high-profile targets in recent months, which include hospitals, water treatment plants, dams, nuclear power plants and electrical grid infrastructure. With this quarter's cybercrime up by 200% compared to the previous quarters, it is clear that cybercrime is a growing problem that is not set to stop yet.

The majority of this quarter’s attackers used ransomware (in 71% of attacks) to try to financially exploit exposed surfaces. So, what has caused this increase in cybercrime? The answer is the integration of systems: making a company more automated also makes it more difficult to manage in terms of security. The traditional air gaps that used to be present between operations technology (OT), information technology (IT) and Internet of Things (IoT) are being constantly eroded in the name of progress. This integration has drastically improved the competitiveness of companies in marketplaces that have become saturated and where growth is difficult.

More than 70% of attacks are directed towards OT, because it has multiple layers of data streams that are poorly designed for security. Remember that OT includes plant machinery or industrial control equipment that is typically designed by companies only interested in selling their specific product at a competitive price. These companies only care about security once the market has adopted a position on it in relation to connected systems; at present this has not occurred.

It is estimated that on average it takes 17 days to recover a company back to 100% operational effectiveness; at an estimated cost of $250,000 for each day of this disruption, that is intolerable. If you are a high-profile company and have not yet had a ransomware attack or other cybercrime committed against you, it is more than likely that the time will soon come.

So, what can companies do to protect themselves against such attacks? Going back to air-gapping systems is not possible, and you cannot pay attackers, who will want more and more over time, so the only answer is appropriate security measures.

Interestingly, thanks to a few useful techniques, attackers' attempts to hide their identity or location through obfuscation typically fail. Even so, most avoid arrest by routing through different servers in different jurisdictions. Thus, companies don’t have many options when dealing with these types of threats.

Potential Solutions
Software is now coming out that assesses the risk of attacks on OT along with the other technology systems used by a company. It enables threats to be proactively simulated on mirrored production systems, and potential solutions to be highlighted for each industrial operation. For example, in manufacturing a production line consists of many operations performed on an assembly to create the final product. Some of the technologies used can be a challenge to protect relative to the rest of the operations. Risk assessment solutions highlight the risk and allow the administrator to adopt a potential solution to the exposure.

Summary
The Colonial Pipeline ransomware attack is yet another wake-up call for industrial entities to implement risk assessment software. This type of software highlights weaknesses and helps administrators plug gaps effectively in integrated technology businesses; these days, protecting just the information technology areas is not enough. The challenge here is not the lack of a solution against ransomware attacks, or the complexity of the systems utilizing the solution, but industry's limited exposure to the need for professional risk assessment software that monitors real-time changes and runs continual assessments on a mirrored simulation. Risk assessment software needs to be part of any industrial entity, in the same way that antivirus software is expected.
