In the latter part of 2023, Dragos, a prominent figure in the realm of cybersecurity, unveiled a pioneering threat report. Its pages layered alarming statistics revealing a staggering 50% surge in ransomware assaults targeting industrial entities compared to the previous year. The report further uncovered a startling revelation that more than 70% of these ransomware onslaughts were specifically directed at manufacturers. Ben Miller, CISO at Dragos, speaks to Intelligent CIO’s Arrey Bate about key OT cybersecurity trends in 2024, the effects and impacts of attacks on supply chains and steps industrial organisations can take to strengthen their cybersecurity posture.
How has cybersecurity evolved over the years and how have threat groups adapted their strategies to target Operational Technology infrastructure?
Reflecting on the infrastructure developments over the past 20 to 25 years, there’s been a notable shift from highly customised systems to more standardised and interconnected ones. This evolution has simplified vulnerabilities in many ways. However, alongside this, attacks within industrial control systems and the IoT space have also evolved.
Around 10 years ago, adversaries focused on impacting specific devices with significant resources. Now, they’ve expanded their capabilities to affect various devices across different vendors and controller types. This broadened reach demonstrates their increased proficiency to impact multiple verticals and facility types simultaneously. This analysis is evident in the Dragos OT Cybersecurity Year in Review report.
The OT Cybersecurity Year in Review report recorded a 50% increase in ransomware attacks on industrial organisations over the last year – what are some specific challenges manufacturers face?
Manufacturing sectors face tight margins and often lack dedicated security budgets. This results in vulnerable perimeters around production lines, whether in chemical or widget manufacturing. Ransomware attackers typically target corporate environments, lacking expertise in Operational Technology (OT) systems. However, weak security between corporate and OT environments leads to what I call a spillover or collateral damage. Ransomware incidents disrupt production, causing revenue loss. These attacks are opportunistic, driven by the desire to inflict maximum pain on victims.
The report stated that over 70% of ransomware attacks are directed at manufacturers. What are the effects and impacts on supply chains?
Firms facing downtime, whether short-term or extended, experience a noticeable decline in trust and contractual integrity, leading to potential disruptions.
Another concern during a ransomware attack is the risk of an organisation transmitting the ransomware to its customers which amplifies supply chain vulnerabilities. This extends to service providers and various connectivity avenues, posing threats to both customers and workforce rights.
What steps can industrial organisations take to strengthen their cybersecurity posture, especially where patching is not always feasible?
In the business landscape, a company’s most crucial assets are its production systems, whether generating electricity or manufacturing goods. However, many IT and cybersecurity departments, despite safeguarding email and other aspects, lack a comprehensive understanding of these operational systems. This deficiency poses significant challenges, particularly regarding cybersecurity’s ability to monitor and protect revenue-generating processes.
With threats like ransomware looming, early-stage attacks within these critical systems often go undetected due to a lack of visibility and understanding. So, talking about the steps industrial organisations can take to strengthen their cybersecurity posture – especially where patching is not always feasible – the starting point should be for organisations to address this visibility gap and apply efforts to enhance insights and monitoring capabilities within operational environments.
How important are coordinated efforts from government agencies, security vendors and industrial organisations in building a risk-based response to OT threats?
At Dragos we operate an intelligence team that provides regular global insights. These insights inform technology development for detecting threats.
Some of our best wins have come from collaborating with our partners including government agencies, but also working with Original Equipment Manufacturers (OEMs) on the equipment that is infected, to bolster overall cybersecurity. We often test patches and give them better guidance to enhance protection measures. These joint product development, advisories and patch testing results in comprehensive solutions.
How does Dragos contribute to enhancing the cybersecurity resilience of businesses, particularly in terms of threat detection, response strategies and collaborative efforts?
Dragos is a technology company that offers asset detection services to identify critical assets in an environment and assess vulnerabilities and malicious behaviours. We provide insights into potential threats like ransomware groups targeting industrial environments and aiding facility teams in threat mitigation. Recognising the early stages of security programmes in many customer environments, Dragos provides assessment services and deploys technology to address skill shortages and security challenges. The Dragos Platform provides visibility into ICS/OT assets, vulnerabilities, threats and response actions, and supports with forensics and OT-specific playbooks.
We also recognise that many of our customers are in the early stages of their security programme within these environments and that’s where our services teams come in to provide assessments and use our technology to deploy and understand areas our customers don’t have the skillset to address.
Dragos has unmatched experience securing industrial assets across vertical industries. We understand industrial adversaries better than anyone and our experts are the leading authorities in ICS/OT cybersecurity, with real-world experience with landmark attacks on OT networks.
To organisations that want to take the next steps in their industrial cybersecurity journey, regardless of where they are on their ICS/OT cybersecurity journey, we have the products and services required. We can help on the path to success.
What innovations or strategies do you foresee as crucial for the future of OT cybersecurity?
In the realm of OT, the challenge lies in dealing with long equipment life cycles spanning 10–20 years. This makes innovation difficult thereby hindering progress in areas such as Digital Transformation. However, there’s a clear trend towards digitisation and business enhancement. The key strategy lies in IT and security teams partnering with businesses, understanding their unique challenges and establishing tailored solutions. Success in the OT cybersecurity space hinges on fostering relationships to drive human progress forward.
Click below to share this article
