Digital attackers are increasingly targeting industrial environments these days. Take manufacturing organizations, for instance. Back in late-August, FortiGuard Labs discovered a malspam campaign that had targeted a large U.S. manufacturing company with a variant of the LokiBot infostealer family. It wasn’t long thereafter when Bloomberg reported on the efforts of bad actors to target Airbus by infiltrating its suppliers’ networks.
The story has largely been the same for other industrial organizations, including those that maintain energy utility services. In the second half of July, for instance, Proofpoint observed that malefactors had impersonated the U.S. National Council of Examiners for Engineering and Surveying to prey upon three U.S. utility organizations using spear-phishing emails. A month later, the security firm discovered that those responsible for the attack emails had expanded their list of targeted utility organizations.
Given this surge of attacks, one can’t help but wonder how industrial organizations are doing in their efforts to keep up with industrial cybersecurity (ICS) threats. Tripwire was curious about the same thing and enlisted the help of Dimensional Research to survey 263 ICS professionals working in energy, manufacturing, chemical and other industrial organizations.
These experts’ responses revealed that concern for digital attacks in industrial organizations is high. Eighty-eight percent of respondents told Tripwire that they were worried about an attack. The rate was even higher for survey participants working in the manufacturing and oil & gas sectors at 89 percent and 97 percent, respectively.
When asked to elaborate on their concerns, 93 percent of ICS professionals revealed that their organizations were concerned about the threat of operational shutdowns and downtime. Concerns over the quality of production followed close behind at 86 percent. Meanwhile, company reputation and data exfiltration/stolen data tied at 81 percent of personnel.
Two-thirds of respondents went so far as to say that an attack against their industrial organizations could be catastrophic. Kristen Poulos, vice president and general manager of industrial cybersecurity at Tripwire, said she wasn’t surprised by this finding. She admitted that threats in the industrial space warrant this level of concern:
Cyberattacks against critical infrastructure and manufacturers pose a real threat to the safety, productivity, and quality of operations. In these environments where cyber and physical converge, cyber events can interfere with an operator’s ability to view, monitor or control their processes. Investing in industrial cybersecurity should be a priority in protecting operations from disruption.
Fortunately, many organizations are investing in their ICS capabilities. Seventy-seven percent of survey participants told Tripwire that their organizations have made security-related investments in their industrial environments over the previous two years. Of those investments, education was the most popular focal area at 82 percent of respondents. Assessment came in at second place with investments from 70 percent of organizations. Not too far behind was asset visibility technology at 59 percent.
That being said, it doesn’t appear as though these investments have made a meaningful impact for many organizations. Half of ICS professionals said their organizations weren’t sufficiently investing in industrial cybersecurity. These individuals went on to point out specific areas where investment was lacking:
- Just over half (52 percent) of respondents said that their industrial organizations track a majority of their assets in an asset inventory.
- Thirty-one percent of survey participants said that their organizations lack both a baseline for normal behavior among their OT devices and a log management solution.
- Only about a third (32 percent) of ICS professionals said that their industrial organizations have a security assessment of their assets.
These findings beg the question: what can industrial organizations do to strengthen their security posture against digital threats?
In Tripwire’s survey, more than three quarters (79 percent) of respondents said better training for OT personnel could help. Many would like to also build out their OT teams, but that’s difficult when 88 percent of ICS professionals said their organizations are struggling to find skilled talent. This leaves technology as a means to address the gaps identified above.
There’s just one problem. Eight-four percent of survey participants told Tripwire that they’re concerned about adding new technology to their industrial environments. Poulos feels that a lack of visibility could be playing a role:
Visibility, although the first step, is commonly the biggest hurdle when it comes to protecting industrial environments from cyberattacks. Industrial organizations can gain visibility of their OT networks without disrupting their processes by following methods that meet the unique needs and requirements of OT devices. This includes passive monitoring of network traffic to identify assets and baseline normal activity to spot anomalies and analyzing log data for indications of cyber events.
It’s not always easy for organizations to complete these and other steps on their own. That’s why they should consider investing in a tool that can help them secure their industrial environments. Learn how Tripwire can help in that regard.
To read the full survey click here.