As the proliferation of digital technologies continues to change the way every industry works, cybersecurity challenges that did not previously exist are being introduced at an alarming rate. The sheer number and sophistication of breaches have increased in recent years, putting companies in every industry at risk.
The increased adoption of digital technologies is transforming every sector of business, and the industrial sector is no exception. In a world where human error, online criminal activity and espionage are very real threats to industrial businesses, the need to secure industrial control systems (ICS) and the networks they operate on against cyberattacks cannot be overstated.
Depending on the industry, each ICS functions differently, but generally the systems are built to electronically manage different tasks in an efficient manner. Whether a supervisory control and data acquisition (SCADA) system, a distributed control system (DCS) or another control system configuration such as a programmable logic controller (PLC), the devices and protocols used in ICSs today are utilized across nearly every industrial sector and critical infrastructure, including the manufacturing, transportation, energy and water treatment industries, to automate or remotely control product production, handling or distribution.
Today, cybersecurity incidents have the potential to result in considerable damage, both to a company’s bottom line and to its reputation. In fact, according to IBM and Ponemon’s 2018 Cost of a Data Breach Study, an industrial data breach has a per capita cost ($152) that is higher than the overall mean across industries ($148).
Making matters worse, the consequences of industrial incidents are often far greater than the associated financial and reputational losses, as incidents in ICS environments can lead to death, long-term environmental impact, fines from regulators, customers or partners who have been put at risk, and other dangerous ramifications.
While certain organizations, including oil and gas companies, have what could be defined as “critical” industrial processes with specific risk models due to the sensitive nature of their infrastructure, organizations with non-critical infrastructure are not as heavily regulated as companies with officially “critical” infrastructures. These organizations with non-critical infrastructure have more independence in deciding how to protect, or not to protect, their industrial network.
Today, widely available software applications and internet-enabled devices have been integrated into most ICSs, delivering numerous benefits but also increasing system vulnerability. It is essential in today’s operating environments that all companies are hyper-vigilant and aware of the potential risks to their ICS in the wake of recent industrial cyberattacks. As uncertainties continue to emerge in the field of ICS cybersecurity, knowledge surrounding those risks is still developing and businesses must keep up-to-date on the latest threats to protect their most sensitive data and important infrastructure.
Despite the rising threat of cyberattacks on computer-controlled industrial systems, manufacturers, utilities and other users of these systems are often hesitant to adopt common security technologies due to their concern that new technologies will impact their system’s performance.
Because many of these environments still use legacy systems that are not or cannot be properly patched and secured, industrial networks can be easily compromised. In fact, 2017 saw the global ransomware outbreaks WannaCry and NotPetya cause widespread disruption across all industries, including manufacturing and other industries that rely on ICS networks. Although the WannaCry malware was not explicitly designed to target industrial control systems, it managed to infiltrate ICS networks and, in some instances, led to the downtime of industrial processes.
Among businesses impacted were Romanian car manufacturer Dacia and global car manufacturer Nissan. Dacia is owned by France’s Renault, and the attack forced Renault to temporarily halt production at several sites to prevent its spread. Nissan also announced that its U.K. manufacturing plant had been attacked but no major impact on its business was reported.
While last year’s ransomware did not directly affect programmable logic controllers (PLCs), a new, more damaging type of ransomware that specifically targets industrial controllers is expected to come online at any moment. In fact, researchers at the Georgia Institute of Technology have already demonstrated a cross-vendor ransomware attack capable of targeting exposed PLCs.
Most ICS environments were not built with cybersecurity in mind because they were designed before the cyber threat existed, and according to many experts, ICS networks remain completely insecure and do not even seem intent on improving their security posture.
While most industrial companies are aware of the need for cybersecurity, many struggle to determine who should be responsible for it. Should it be the security team well versed in cybersecurity best practices or the operational team that knows and understands operational technologies but is not familiar with cybersecurity best practices and is already encumbered with the demanding task of maintaining and ensuring operational safety, reliability and continuity?
Recently, there has been a significant increase in the number of ICS vulnerabilities reported, and even when an industrial organization has mitigated all vulnerabilities, there are still design flaws that hackers and bad actors can easily exploit to compromise an ICS.
In the face of rising threat numbers and the increased sophistication of threats, companies operating industrial control system networks need to be aware of the importance of staying up to date with their patch management as well as the security solutions available to them. As industrial cyberattacks become even more ubiquitous and global in nature, it’s essential that industrial organizations identify and assess risks, and that they implement the necessary policies, procedures and training to manage these risks, reducing the dangerous impacts that a breach may have on their organization.
Four Best Practices For Security Hygiene
1. Keep Operating Systems Patched
Modern networks have multiple operating systems, utilize hybrid environments, and support remote employees. Research shows that 50% of Windows operating systems are running outdated versions and 40% of Apple devices are operating with outdated versions, leaving them susceptible to attack long after security patches were available. Having a regular process in place for checking for, testing, and applying patches to all OSs is the first step to protecting an entire infrastructure.
2. Update Software Patches ASAP
Apply security updates for software as soon as possible following their release. If organizations aren’t prepared to apply patches and updates regularly, it’s just a matter of time before vulnerabilities in networks and applications are exploited. Delaying patching is a risky proposition, and that risk can be minimized with automated patch solutions that deploy patches as soon as they become available.
3. Manage 3rd Party Software
Over 75% of vulnerabilities on the average PC are due to 3rd party applications, and major data breaches (including the Equifax hack) were caused by unpatched vulnerabilities found in 3rd party software. One of the reasons 3rd party software is left unpatched is lack of visibility around which applications are present within a large network. With the growth in cloud-native applications that can be installed by any employee, it is critical that IT departments track and patch all 3rd party software on their networks.
4. Manage Endpoint Configurations
For strong endpoint security, you need a complete and continuously updated inventory of all devices, including PCs, laptops, IoT wares and peripherals. Cataloging all of these endpoints and capturing all of their details gives you complete visibility into all of your endpoints, their hardware specs, installed software, locations, users, vulnerabilities and configurations. Effectively monitoring your endpoint vulnerabilities is key to ensuring infrastructure security.
As cybersecurity strategies mature and innovative solutions such as Automox continue to emerge, technology organizations that tie their cybersecurity efforts to real business needs and objectives will gain confidence in their ability to deal with the increasingly sophisticated threats that occupy today’s ever-changing and dangerous digital landscape.