Industry 4.0 has clashed with Covid-driven remote working to significantly expand the cyber attack surface, yet most organisations are unable to protect their cyber-physical systems
The cyber threat landscape has been largely shaped by two major events over the last couple of decades. In the wake of the ‘fourth industrial revolution,’ digital transformation pushed companies to automate and optimise their processes. More recently, the Covid pandemic not only accelerated digitisation but also forced businesses to embrace remote working. Staff and third parties now access sites remotely. The result of both events is an enlarged attack surface which has given bad actors more entry points, increasing the frequency and impact of attacks.
Despite cybercriminals becoming more sophisticated in the technologies they use to attack companies, ransomware largely remains the weapon of choice. Some of the biggest critical infrastructure shutdowns last year, including the Colonial Pipeline, JBS Foods and Ireland’s Health Service, were ransomware attacks, and a study by Claroty found that 80% of critical infrastructure organisations have experienced a ransomware attack in the last year.
Among those companies, 47% reported an impact to their industrial control system (ICS) environment and over 60% paid the ransom, more than half of which cost $500,000 or more. The majority of respondents estimated a loss in revenue per hour of downtime to their operations equal to or greater than the payout. And even among those who did pay the ransom, 28% still experienced substantial impact to operations for more than a week. It is perhaps unsurprising that manufacturing is the most targeted sector of all, with some 23% of ransomware attacks hitting manufacturing companies, according to IBM.
“Industry 4.0 is a major driver of this, and we’ve seen a rapid acceleration of the connected environment,” says Simon Chassar, chief revenue officer at industrial cybersecurity firm Claroty. “Ten years ago, there were fewer than a billion devices connected. Today, there are almost 15 billion devices, and by 2025 we are talking more like 75 billion devices connected.”
“Companies are trying to be more competitive, so they’re adding more and more smart devices, which generate more data to fuel insights, automation and improve efficiency and productivity. The CEO of every company, particularly in manufacturing and healthcare, wants to push their top-line revenues and they know digital transformation, adding these connected assets, will help them to produce more and reduce costs. But this is also creating huge risks.”
Cyber-physical systems are especially at risk – the connected devices that control the production process in manufacturing or that keep healthcare operations running efficiently. These systems are all interconnected, and if just one major supply goes down as a result of a cyberattack, there can be a vast impact on critical production lines – as well as, in some cases, the physical safety of production staff. The risk posed by these attack vectors means companies need to be selective on how to progress with digital transformation.
Analyst firm Gartner identified six steps in the maturity of the customer journey when looking at how to secure cyber-physical systems, starting with awareness. Organisations must understand the need to protect not just their IT, but also their cyber-physical systems in terms of their operational technology. According to Gartner, most organisations (60%) are in this awareness step and have secured a directive from the board to do something about it.
The second step is visibility, which presents the biggest challenge. Most companies have almost no visibility as to what assets are connected in the network, leaving them blind in understanding what they actually have to protect. The third step is assessment of the vulnerabilities and risks. A further 30% of organisations are between these two steps.
“That means 90% of businesses are caught between awareness, visibility and assessments. They basically haven’t even started to protect their business,” says Chassar. “They urgently need to be able to progress to the next steps.
“Next is firefighting, prioritising the risks and starting to deploy solutions. The fifth step is the actual integration with the stock as well as the different tools in their security infrastructure. Then the final step is optimisation.”
Claroty empowers organisations to advance faster and more confidently through these steps. The company’s unified platform secures cyber-physical systems across industrial, healthcare and enterprise, integrating with organisations’ existing infrastructure to provide a full range of controls for visibility, risk and vulnerability management, threat detection and secure remote access.
Through its research and engineering teams and thousands of sites deployed globally, as well as its partner ecosystem, which includes industrial giants such as Siemens, Schneider Electric and Rockwell, Claroty has the domain expertise to help organisations secure their cyber-physical systems. The company focuses on three major areas in protecting businesses. First, and perhaps most importantly, is understanding their risks, which means getting better visibility.
“That’s number one, because most organisations don’t understand the vulnerabilities and the risks associated with the assets they have,” says Chassar. “Second is controlling the access. In our platform, we follow a holistic approach by acting like a one-stop-shop, and the control comes from secure remote access. When businesses changed their operations to remote access during the pandemic, it presented a lot of new risk, so this is an essential step.
“The third area is to detect and respond to threats. To do this, we have continuous threat detection in real time with alerts and reports, ensuring companies understand if something is going on that needs to be addressed and mitigated. The combination between our domain expertise and holistic approach is critical for organisations to be successful.”
For more information, visit claroty.com
Q&A: Securing the Extended Internet of Things
The extended internet of things (XIoT) is exposing businesses to new cyber threats. Yaniv Vardi, CEO at Claroty, discusses the key vulnerabilities and how CISOs can better prepare
What do you mean when you refer to the XIoT?
Think about everything connected within the four walls of a manufacturing site. You’ve got operational technology (OT), which consists of the actual assets that are part of the production line; the controllers and human machine interfaces (HMIs); the temperature sensors and other sensors that are part of the production process. Or in a healthcare setting, there are the medical devices, the clinical assets, the MRIs and imaging devices. But then also think about enterprise IoT, such as smart printers, building management systems and humidity sensors. All of it is now connected, and you cannot overlook any element from a security perspective.
To what extent is security designed into XIoT assets in the first place?
Many if not most of the connected assets in the XIoT were not designed with security in mind. These are legacy assets. The controllers in production lines are a good example. They used to be completely isolated and air gapped, so there was little reason for the manufacturers producing them to think much about security. Those legacy assets still exist today. And even though newer assets in manufacturers’ product portfolios have been designed with security in mind, they are continuously operational 24 hours a day, 365 days a year. That makes it really hard to patch or upgrade, which is what makes these assets so vulnerable to cyber threats.
What are the biggest challenges facing CISOs in the XIoT?
The biggest challenge, if you speak to CISOs and CIOs, is they have no visibility of these assets in the XIoT. Their view of OT and IT environments is very much separated. They know everything that’s going on in the IT side, but not the OT side. They’ve had decades of experience managing IT, but OT is really the dark side for them because assets were not previously connected but suddenly now they are – and how can you protect something you can’t see? It’s a big visibility gap, and these assets are typically on the same network as your critical infrastructure and assets. The consequences of an attack on these assets can be dire.
How alert are cybercriminals to these vulnerabilities?
Attackers will always go for the easiest path to get in and they are very much going after the XIoT as we speak, which is why we are seeing such a huge increase in ransomware. Cyberattacks on the software supply chain, meanwhile, are changing the market. The SolarWinds attack at the end of 2020 rocked the business world and brought numerous challenges in 2021. The European Union Agency for Cybersecurity expected there to be four times more software supply chain attacks in 2021 than there were in 2020. However, these types of attacks are nothing new. The attack on department store chain Target was nearly a decade ago now. The NotPetya ransomware attacks, which resulted in $10bn of damages, were back in 2017, though we are still seeing the impact today. And it’s not just Russia attacking Ukraine – the impact spreads far beyond that. The software supply chain is really a very significant risk to businesses, as it spreads so quickly through the global markets.
What will separate the winners from the losers of business in the XIoT age?
The winners in the years ahead will be those who go through the full journey to secure their cyber-physical systems. They will gain visibility, understand the network, control access to that network and monitor it for threats. If you haven’t already, you need to start that journey today. The winners will be those that connect security with the business to create real business continuity, deploying solutions with domain expertise. The more critical and complex the environment is, the more specialised the security tools need to be. You cannot just have a generic tool to do that. It’s like getting new doors and windows, smart cameras and alarm systems, but then leaving your window open. That’s exactly what you do when you protect IT but not OT assets. If you have hundreds of proprietary protocols, you cannot simply think that because you already have a security solution for enterprise IoT, firewalls and the like, that it will protect the industrial networks in manufacturing and healthcare settings. It won’t. Attacks will happen, no doubt, and there is an enormous impact on a business when they do. You have to do it right.
Promoted by Claroty