Cyber threats have escalated at an industrial level and companies are challenged to strengthen their detection and response systems so as not to jeopardize critical operations in a highly digitized environment in which a breach of this type can cause impacts in sectors ranging from the energy industry to medical services, as analyzed by A3Sec, a firm specialized in the subject.
Operational technology (OT) is the entire set of software and hardware tools that allow managing, monitoring and controlling all industrial equipment used in different critical activities of the economy.
OT systems make it possible to manage, for example, large critical infrastructures such as a power plant or a nuclear plant, so security breaches associated with these networks can not only generate millions in economic losses but also put the population at risk.
In 2015 malware called BlackEnergy infiltrated several Ukrainian power plants causing the world's first massive blackout associated with a cyber attack. The impact of this hack was large-scale as at least 80,000 people were affected as a result, according to press records.
Since then, these types of attacks have proliferated and have strengthened hand in hand with new technological innovations that are also being exploited by hackers, forcing companies to reinforce their investments to avoid further damage.
The road to smart factories poses new challenges
Companies from all economic sectors are migrating to IT and OT systems to generate operational efficiencies within the framework of industrial automation, which is giving new meaning to monotonous and repetitive tasks to free employees from these functions so that they can concentrate on more relevant aspects that require human curation.
The world is advancing towards the concept of smart factories, in which interconnected devices make it possible to manage large flows of information and specific tasks that previously required great efforts and large investments.
According to figures provided by Deloitte, 86% of the manufacturers consulted in the US considered that smart factories will be the main driver of competition by 2025, while 83% indicated that these infrastructures will transform the way which the products are manufactured.
The path towards the consolidation of the so-called smart factories poses various challenges for organizations and the protection of their infrastructures at a time when sectors such as manufacturing, electricity and oil and gas are increasingly in the crosshairs of cyber attackers.
Pioneering technologies such as SIEM, developed by A3sec, allow organizations to improve their detection capabilities against new threats or already known attacks, shedding light on the risks that are generated and helping to comply with regulations.
Through advanced data analysis and machine learning, it manages to reduce the detection time of data leaks and fraud by up to 70%, while at the same time contributing to relevant decision-making for the security of organizations.
The most vulnerable
According to the State of OT Security in 2022: Big Survey Key Insights report, this year nine out of ten companies in the manufacturing, electrical, and oil and gas industries acknowledged that they had suffered impacts in energy production or supply due to cyberattacks in the last 12 months, which shows the scale of attacks on OT networks.
The greatest consequences of these cyber attacks are reflected in the finances of these companies, since it is estimated that on average these hacks generate associated costs equivalent to US$2.8 million, as they are critical infrastructures that provide key services.
These incidents turn out to be not only expensive but also difficult to overcome, while 56% of those consulted acknowledged that as a result of the hacks they registered interruptions in services that lasted four days or even more.
Regarding the frequency of these attacks, 72% accepted that they suffered six or even more interruptions in their ICS/OT systems in the last 12 months, evidencing the vulnerability of large industries to the diversification of these threats.
Greater investments to close gaps
According to figures from the International Data Corporation (IDC), spending on cybersecurity in IT systems will reach US$47 billion in Europe this year, representing growth of 10.8% year-on-year.
The industries that will invest the most money in cybersecurity will be banking (more than US$6,000 million), the so-called discrete manufacturing (more than US$5,000 million) and professional services (more than US$4,000 million).
“With the increasing volume and complexity of cyberattacks, discrete manufacturing companies are having to secure gaps in their IT and OT cyber defenses, while professional services firms are placing a greater focus on security solutions at the cloud and on endpoints,” according to the IDC report.
Given the dimension of the challenges, companies are aiming to strengthen their capabilities to detect and respond to these threats through first-rate technologies such as automation and data analytics, which allow them to generate efficiencies by being able to identify almost in time real these anomalous practices and activate alerts against already known threats.
Efforts are focused on critical infrastructures and the OT systems that move them, which is why figures from the German statistics portal Statista suggest that the global size of the cybersecurity market dedicated to these spaces will increase to US$24.22 billion by 2030, as cyber attackers focus their efforts on generating increasingly advanced vulnerabilities.