Cyber attacks on industrial assets cost firms millions
Cybersecurity firmTrend Micro has announced new research revealing that 89% of electricity, oil & gas, and manufacturing firms have experienced cyber-attacks impacting production and energy supply over the past 12 months.
"Across the globe, industrial locations are going digital to drive sustainable growth. But this has invited a deluge of threats which they are ill-equipped to mitigate, causing major financial and reputational damage," says Mick McCluney, technical director at Trend Micro.
"Managing these heavily networked IT and OT environments effectively requires an experienced partner with the foresight and breadth of capabilities needed to deliver best-in-class protection across both environments," he says.
The findings come a year after the Colonial Pipeline ransomware attack, which forced OT systems at the provider offline for several days, leading to major fuel shortages up and down the US East Coast. It is still the largest critical infrastructure (CNI) attack of its kind.
Around half of the industrial sector organisations affected by CNI attacks made efforts to improve cybersecurity infrastructures but do not always have sufficient resources or knowledge in place to defend against future threats.
Of the responding organisations that suffered cyber disruption to their operational technology and industrial control systems (OT/ICS), the average financial damages amount to approximately $2.8 million, with the oil & gas industry suffering the most.
Almost three-quarters (72%) of respondents admitted they experienced cyber disruption to their ICS/OT environments at least six times during the year.
The research also found that:
- 40% of respondents could not block the initial attack
- 48% of those who say there have been some disruptions do not always make improvements to minimise future cyber risks.
- Future investments in cloud systems (28%) and private 5G deployments (26%) were the top two drivers of cybersecurity among respondents.
- The OT security function tends to be less mature than IT on average in terms of risk-based security.
- The addition of cloud, edge, and 5G in the mixed IT and OT environments has rapidly transformed industrial operations and systems. Organisations must stay ahead of the curve and take security measures to protect business assets. Improving risk and threat visibility is a curtail first step to a secure industrial cloud and private network.
"Trend Micro exceeded our expectations right from the start, and we haven't looked back since," said David Levine, vice president of Information Security and CISO, Ricoh USA.
"With Trend Micro, you get an immediate reaction, escalation, and communication. Its about effective, innovative tools, coupled with a great partnership."