Trend Micro Incorporated announced research earlier this year revealing that 89% of electricity, oil & gas, and manufacturing firms have experienced cyber-attacks impacting production and energy supply over the past 12 months.
“Across the globe, industrial locations are going digital to drive sustainable growth. But this has invited a deluge of threats which they are ill-equipped to mitigate, causing major financial and reputational damage,” said William Malik, vice president of infrastructure of strategies at Trend Micro.
“Managing these heavily networked IT and OT environments effectively requires an experienced partner with the foresight and breadth of capabilities needed to deliver best-in-class protection across both environments.”
The findings come a year after the Colonial Pipeline ransomware attack, which forced OT systems at the provider offline for several days, leading to major fuel shortages up and down the US East Coast. It is still the largest critical infrastructure (CNI) attack of its kind.
Around half of the industrial sector organizations affected by CNI attacks made efforts to improve cybersecurity infrastructures but do not always have sufficient resources or knowledge in place to defend against future threats.
Of the responding organizations that suffered cyber disruption to their operational technology and industrial control systems (OT/ICS), the average financial damages amount to approximately $2.8 million, with the oil & gas industry suffering the most.
Almost three-quarters (72%) of respondents admitted they experienced cyber disruption to their ICS/OT environments at least six times during the year.
The research also found that:
- 40% of respondents could not block the initial attack
- 48% of those who say there have been some disruptions do not always make improvements to minimize future cyber risks.
- Future investments in cloud systems (28%) and private 5G deployments (26%) were the top two drivers of cybersecurity among respondents.
- The OT security function tends to be less mature than IT on average in terms of risk-based security.
The addition of cloud, edge, and 5G in the mixed IT and OT environments has rapidly transformed industrial operations and systems. Organizations must stay ahead of the curve and take security measures to protect business assets. Improving risk and threat visibility is a curtail first step to a secure industrial cloud and private network.