Industry Research: Ransomware and data breaches are sweeping the OT and industrial sectors

Mondo Technology Updated on 2024-02-01

According to a new study released by Claroty, a cyber-physical systems protection company, 75% of respondents said they had been targeted by ransomware in the past year. The new report, "The State of Global Industrial Cybersecurity 2023: New Technologies, Persistent Threats, and Proven Defenses," is based on a global independent survey of 1,100 information technology (IT) and operational technology (OT) security professionals working in critical infrastructure, and covers the industry's challenges over the past year, their impact on OT security programs, and priorities for the future.

The OT cybersecurity landscape continues to deteriorate

Research shows that the impact of ransomware attacks on the OT environment is catching up with the impact on the IT environment. A previous survey conducted by Claroty in 2021 showed that 32% of ransomware attacks affected only IT, while 27% affected both IT and OT. Today, 21% affect only IT, while 37% affect both IT and OT, the latter having grown by a massive 10% in just two years. This trend illustrates the expanding attack surface and the risk of operational disruption due to IT/OT convergence.

In addition to the growing impact of ransomware on operations, the alarming financial impact persists. Of the 75% of respondents whose organizations have been hit by ransomware in the past year, 69% have paid the ransom, and more than half (54%) have suffered a financial loss of $100,000 or more. As a result, respondents are likely to have a high demand for cyber insurance. The vast majority (80%) of organizations have a cyber insurance policy, and about half (49%) choose a policy with an insured amount of $500,000 or more.

As new technologies are integrated into the OT environment, so comes the pressure to deal with increasing threats and economic losses. For example, 61% of respondents are currently using security tools that leverage generative AI, and a staggering 47% said this raises their security concerns.

Given the challenges posed by combating ransomware and integrating new technologies, countries have recognized the need for industry regulations and standards, which are currently driving OT security priorities and investments. Forty-five percent of respondents said the TSA Security Directive had the most significant impact on their organization's security priorities and investments, followed by CDM Defend (39 percent) and ISA/IEC-62443 (37 percent).

Yaniv Vardi, CEO of Claroty, said: "Our research shows that there is clearly no shortage of challenges for OT security professionals, but we also see significant opportunities and needs for a mature security posture across industrial environments. Organizations are already working to strengthen risk assessment, vulnerability management, and cyber segmentation practices to defend cyber-physical systems with a high degree of proactivity."

While there may be some pauses in the implementation of generative AI, progress and advancements are being made to close the gap in processes and technology:

Network Isolation: Seventy-seven percent of respondents described their approach to network isolation as "moderate" or "mature," which is critical to limiting the lateral movement of cyberattacks through the network, including from IT to OT.

Vulnerability and Risk Management: Seventy-eight percent of respondents described their approach to identifying vulnerabilities as "moderate" or "highly" proactive, a significant increase from 66% in 2021. However, the speed at which vulnerabilities are disclosed and patches are released exceeds organizations' ability to address them. As a result, organizations are exploring various risk scoring methods to help with prioritization. The most widely used is the Common Vulnerability Scoring System (CVSS), used by 52% of respondents globally, followed by the risk score of existing security solutions (49%), the Exploit Prediction Scoring System (EPSS) (46%), and the Known Exploited Vulnerabilities (KEV) Catalog (45%).

Future Initiatives: The top OT security initiative respondents plan to implement in the next year is risk assessment (chosen by 43% of respondents), followed closely by asset, change and/or lifecycle management (40%) and vulnerability management (39%).

Attacks on industrial infrastructure are common

In fact, attacks against industrial enterprises and critical infrastructure providers have become very common. The Aliquippa-based Municipal Water Authority in Pittsburgh recently suffered damage after the Iran-linked threat group Cyber Av3ngers forced it to shut down its water pressure monitoring system and changed its landing page. The incident turned out to be part of a broader cyberattack that began in late November against water utilities across the United States. But it's not just utilities that are in focus: in February 2022, tire manufacturer Bridgestone had to shut down its manufacturing network for several days after the LockBit 2.0 ransomware group successfully hacked into its networks.

Overall, the industrial sector remained the biggest monthly ransomware target over the past year, according to cybersecurity services firm NCC Group. Ransomware attacks increased by 81% in October compared to the same month last year, while attacks targeting the industrial sector typically account for one-third of all ransomware incidents.

Sean Arrowsmith, director of the industrial division of NCC Group, said that due to the recent geopolitical conflict, there has been an overall increase in threat activity, leading to industrial attacks by state-sponsored actors and hacker activists.

"Disabling and/or weakening the capacity of energy infrastructure could lead to limited or even no use by consumers, exacerbating the instability and chaos caused by wars and conflicts," he said. "These acts of sabotage affect the most important power dynamics in international security issues."

Industry is a huge attraction for attackers

One of the reasons why attacking industrial companies is attractive: operational disruptions lead to a greater likelihood of ransom payments. Typically, a company's propensity to pay a ransom is largely determined by its revenue. According to Sophos' annual State of Ransomware report, smaller companies pay the ransom 36% of the time rather than relying on backups, while larger companies pay 55% of the time.

Claroty's latest survey report shows that a whopping two-thirds (67%) of victims in the industrial sector pay the ransom.

"One only has to look at the fact that two-thirds of organizations are paying ransoms to understand why so many organizations are being attacked," said Claroty's Geyer. "Operational disruptions have left CIOs in a dilemma, forcing them to make these untenable and emotional decisions."

Third parties are another weakness that OT-dependent companies, such as industrial companies and utilities, need to address. For example, according to SecurityScorecard, a security metrics firm, all of the top 10 energy companies in the U.S. have had a third-party provider that has been compromised in the past 12 months, resulting in a disruption to their business. While only 4% of the nearly 2,000 third-party providers the company tracks suffered direct breaches, this has led to 90% of the world's energy companies dealing with the consequences of these attacks for more than a year.

Rob Ames, a threat researcher at SecurityScorecard, said the MOVEit vulnerability alone affected hundreds of energy companies. "This accusation of a data breach, and then the threat of a data breach, is becoming an increasingly central part of the extortion attempt, rather than the actual deployment of ransomware," he said. "I would say that extortion attempts that rely more on claimed ** than actual crypto are a trend and, of course, still financially motivated."

With the convergence of IT and OT networks and the expanding attack surface available to cybercriminals, the prevalence, diversity, and impact of cyberattacks continue to evolve, and the cybersecurity challenges in the industrial sector continue to grow. Ransomware attacks and the financial and operational losses they cause have clearly revealed this. Unsurprisingly, the increase in ransomware attacks and the payments that come with them will also prompt businesses to opt for cyber insurance. Another consequence of the increase in cyberattacks is that increased industry regulations and standards are directly driving an expansion of security priorities and investments. As generative AI solutions continue to evolve and new and more advanced threats emerge, organizations must adhere to cybersecurity best practices and work with the right CPS security vendor to ensure their unique environment is protected. Strong security leadership, a comprehensive security program, guidelines and frameworks for regulators, and a continuous strengthening of foundational security capabilities are all part of a multi-party effort to ensure cyber resilience and operational resilience.

Article** idle talk on the Internet.
