By Bill Moore, XONA
As businesses transitioned to hybrid work models in 2021, critical integrations between IT and OT technologies introduced new vulnerabilities that threat actors exploited with shocking frequency and effectiveness.
This was especially true for manufacturers, energy producers, and utilities, which increasingly rely on remote operations capacity to empower distributed teams to engage physical infrastructure from anywhere in the world. As a result, many organizations experienced an ICS/OT cybersecurity incident in the past year, costing companies millions of dollars in recovery and opportunity costs.
With everything from ransomware attacks to data breaches becoming more prevalent and impactful, it’s even more important that those charged with protecting critical infrastructure enhance their defensive postures to meet the moment. As they reflect on their cyber readiness and plan for the year ahead, here are three cybersecurity certainties that should guide their decision-making processes.
- Cybersecurity Incidents Will Become More Expensive
Cybercrime is big business, collectively netting more than $1.5 trillion annually, making it more valuable than many of the biggest companies in the world. Money is the main motivator for today’s threat actors, who often view cybercrime as a low-risk, high-reward financial opportunity.
Therefore, companies shouldn’t be surprised that cybersecurity incidents are becoming more expensive. Most notably, ransomware payments are soaring. In 2018, the average ransomware payment approached $7,000. By 2020, many companies were paying more than $200,000. This year, the average ransomware payment increased by 518 percent, a shocking surge reflecting digital infrastructure’s centrality for many companies’ operational continuity.
At the same time, the cost of a data breach reached a record high in 2021, surpassing $4 million for the first time. With cybersecurity insurance premiums similarly increasing, rapidly, companies are left with little recourse for mitigating the cost of a cybersecurity incident.
While companies may be tempted to rely on previously purchased IT-focused cybersecurity products, the rising costs of failure are a reminder that investing in an OT-specific cybersecurity solution is an investment with tremendous returns.
- Failure to Secure Digital Infrastructure Will Have Real-world Implications
In 2021, cybersecurity failures interfered with manufacturing operations, exposed sensitive data, and eroded brand reputation. Cybersecurity incidents will have even more heightened real-world implications that put people at risk in the year ahead.
For example, looking to leverage access to company networks, ransomware gangs are exfiltrating company data, raising the stakes for victims while increasing their leverage to extract high payouts. This trend will continue in 2022, compounding the consequences of a cybersecurity incident.
Most importantly, as manufacturers, energy producers, and utilities continue integrating IT and OT systems, cybersecurity incidents put public safety on the line. A 2021 event in Oldsmar, Florida, where a threat actor capitalized on an IT vulnerability to access OT capabilities in an attempt to poison the city’s water supply, is emblematic of the challenges many companies and municipalities face.
This year, cybercriminals demonstrated the capacity to instigate fear, uncertainty, and chaos, causing long gas lines, production shortages, and close encounters that make it clear that companies need to prepare for the failure to secure digital infrastructure to have real-world implications in 2022.
- Threat Actors Will Continue to Evolve
Cybercriminals are agile, always ready to adapt to exploit new vulnerabilities and circumstances to maximize impact.
For instance, in November 2021, the Federal Bureau of Investigation (FBI) released a memo to companies completing “time-sensitive financial events,” noting that threat actors are targeting these organizations with ransomware attacks, looking to capitalize on the high-stakes, urgent nature of their work to extract timely payments.
It’s likely that cybercriminals will look to exploit manufacturers, energy producers, and utilities in the same way. However, this tactical adjustment is a reminder that threat actors are continually evolving, and companies need to change too.
Especially as companies continue to adopt experimental workplace arrangements, they need to be more mindful than ever of the ways these changes expose their digital infrastructure to evolving threat trends.
Cybersecurity Risks May Be Likely, But the Prepared Are More Likely to Succeed
Effective cybersecurity practices don’t happen by accident. They are the result of careful assessments, intentional planning, and successful implementation.
The past year was uniquely challenging as threat actors too often gained the upper hand, exploiting new vulnerabilities in IT and OT integrations to wreak havoc among critical infrastructure. Their continued success isn’t inevitable, making today the right time to prepare for tomorrow’s challenges.
About the Author
Bill Moore is the CEO and Founder, XONA, providers of a unique “zero-trust” user access platform especially tailored for remote Operational Technology (OT) sites. Bill is currently working with global power, oil and gas, and manufacturing customers to reduce their remote operations costs and cyber risks. Bill brings more than 20 years’ experience in security and the high-tech industry, including positions in sales, marketing, engineering and operations.