Risk Management
ICS & OT Cybersecurity Attack Trends
We explore Trend Micro’s latest research into industrial cybersecurity, including the impact of attacks, maturity of security programs, and recommendations for strengthening security.
Cybercriminals continue to target organization’s critical infrastructure and functions. Colonial Pipelines serves as a reminder of the impact of an industrial cyberattack, just one of the several examples of why CISOs and security leaders need to act proactively to better manage cyber risk. We discuss the findings of Trend Micro’s The State of Industrial Cybersecurity report, including the impact of ICS/OT cyberattacks, as well as provide recommendations to increase cyber resilience in the face of constantly evolving threats.
Impact of industrial cyberattacks
As industrial sectors continue their digital transformation and adopting new technology , they have inevitably opened their systems to cyberattacks. To dig deeper into the impact and cause of ICS/OT attacks, Trend Micro Research surveyed 900 cybersecurity decision makers in the manufacturing, electric utilities, and oil and gas industries across the US, Germany, and Japan.
ICS/OT systems are a valuable target for nation state and nonstate actors. Nation states actors look to compromise critical systems to disrupt political adversaries, whereas nonstate actors seek notoriety and hefty sums from wealthy organizations.
Cybercriminals use a range of tactics, techniques, and procedures (TTPs) to launch attacks. Trend Micro determined that exploitation of remote access, external published applications or cloud services, compromise of internet-accessible devices, and legitimate web browsers were the most popular ways that initial attacks are launched.
How effective are these attacks? Across all three industries, more than half of respondents who experienced a cyberattack said operations were disrupted for four days or more. And this unexpected, extended downtime can lead to production issues; 89% of those surveyed said their supply chain was affected.
Beyond operational impact, ICS/OT attacks can also be costly—the average amount of damage is USD$2.8 million, according to Trend Micro’s survey. This expense isn’t just due to ransomware demands, but sales loss, costs associated with recovery, preventing recurrence, and hiring additional staff.
Trend Micro also found that enterprises suffered multiple attacks and disruptions over a 12-month period. 72% of respondents reported experiences at least six ICS/OT disruptions due to cyberattacks.
Despite multiple disruptions—and the consequences of such—Trend Micro found that less than half of organizations (48%) take actions to reduce future risks.
Maturity of cybersecurity implementation
Enterprises may be struggling to fend off multiple attacks due to the maturity of their cybersecurity program. Trend Micro used the NIST Cybersecurity Framework (CSF) to measure respondents’ cybersecurity maturity level across IT and OT for each of the five framework functions (identify, protect, detect, respond, recover).
Ideally, an enterprise’s cybersecurity program should fit into Tier 4 of the NIST Implementation Tiers wherein businesses utilize advanced adaptive cybersecurity techniques which analyze behaviors/events to help proactively protect from or adapt to threats.
However, Trend Micro found that for IT security, 40% of respondents are in Tier 2 (risks are informed in each function) and 25% in Tier 1 (partial security processes in place). In comparison, the maturity of OT security is drastically less, with the majority (33%) of respondents in Tier 1.
Compounded by a cybersecurity skills shortage of 2.7 million jobs, it’s understandable that many organizations are being repeatedly exploited.
Drivers to strengthen ICS/OT cybersecurity
Unsurprisingly, Trend Micro found that preventing the recurrence of incidents was the #1 reason respondents wanted to strengthen their cybersecurity. The report also found that up until the survey was conducted, requests by a business partner/client/customer and the implementation of the cloud were the next top reasons to strengthen cybersecurity controls for ICS/OT. However, when polled about motivations for the next three years, the second and third drivers for change were different.
The consensus across the three industries was that the adoption of new technologies like private 5G and the cloud coupled with the need to comply with industry regulations to mitigate risks would be the major driving forces behind enhancing their cybersecurity.
Reducing industrial cybersecurity risk
Considering that the OT side of industrial environments reported a significantly lower cybersecurity maturity level than ICS, the implementation of new and necessary technologies could cause further issues. Not only do security teams need to be further educated in best security practices for these emerging technologies, but the digital attack surface is expanding too.
It’s evident that CISOs and security leaders need a security solution that provides holistic, comprehensive visibility across their entire attack surface that enables more proactive protection and analysis to reduce cyber risk.
A cybersecurity platform like Trend Micro One that supports integration with ICS/OT specific tools as well as XDR can help raise situational awareness across this complex environment by correlating threat intelligence and deep activity data from endpoints, devices, users, cloud, networks, and more.
Leveraging a unified cybersecurity platform with IT, OT, and CT-centric solutions and XDR and professional services, delivers security coverage across levels 1 through 5 of the Purdue Enterprise Reference Architecture (PERA). This structural model, now commonly referred to as the Purdue model, helps to organize ICS/OT systems and technologies based on purpose.
Beyond addressing baseline security concerns, a unified cybersecurity platform can help security teams to better understand, communicate, and mitigate cyber risk, a critical requirement to both increase business cyber resilience and executive understanding. Demonstrating how security aligns and supports business goals is the key to getting the c-suite’s support for security investments.
For more information and insights on the power of a unified cybersecurity platform, cyber risk, and how to align the c-suite with cybersecurity initiatives, check out the following resources: