- Home » News » World News
Report blames state ‘actors’ for 60% of industrial cybercrime
A global survey of cyberattacks on industrial control system (ICSs) and/or operational technology (OT) operations, has found that more than half (60%) are led by state-affiliated “actors” and that about a third are unintentionally enabled by internal personnel.
The survey, commissioned by Rockwell Automation, was conducted by the US-based Cyentia Institute and analysed 122 cybersecurity events that included a compromise of OT and ICS operations, collecting and reviewing nearly 100 data points for each incident. It reveals that OT/ICS security incidents are increasing in volume and frequency, and are targeting critical infrastructure, such as energy producers.
Of the OT/ICS incidents studied, 60% resulted in operational disruption and 40% resulted in unauthorised access or data exposure. Broader supply chains were also impacted 65% of the time.
Key findings of the report, called Anatomy of 100+ Cybersecurity Incidents in Industrial Operations, include the facts that:
• In more than half (53%) of OT/ICS incidents, Scada (supervisory control and data acquisition) systems are targeted, with PLCs being the next-most-common target (22%).
• The number of OT/ICS cybersecurity incidents in the past three years has already exceeded the total number reported between 1991-2000.
• Threats are most intensely focused on the energy sector (where 39% of attacks occurred) – more three times as many as the next most frequently attacked sectors, critical manufacturing (11%) and transportation (10%).
• Phishing remains the most popular attack technique (34%), emphasising the importance of preventative measures such as segmentation, air gapping, zero trust and security awareness training.
• More than 80% of threats come from outside organisations, but insiders play an unintentional role in opening the door for attackers in around a third of incidents.
“Energy, critical manufacturing, water treatment and nuclear facilities are among the types of critical infrastructure industries under attack in the majority of reported incidents,” says Mark Cristiano, commercial director of Global Cybersecurity Services at Rockwell Automation. “Anticipating that stricter regulations and standards for reporting cybersecurity attacks will become commonplace, the market can expect to gain invaluable insights regarding the nature and severity of attacks and the defences necessary to prevent them in the future.”
The research suggests that strengthening the security of IT systems is crucial to combatting cyberattacks on critical infrastructure and manufacturing facilities. More than 80% of the OT/ICS incidents analysed started with an IT system being compromised, demonstrating the increased interconnectivity across IT and OT systems and applications.
IT networks allow communications between OT networks and the outside world and act as an entry point for OT attackers. Deploying proper network architecture is critical to strengthening cybersecurity defences. It is no longer enough simply to implement a firewall between IT and OT environments.
Because networks and devices are connected daily into OT/ICS environments, this exposes equipment to sophisticated adversaries in most industrial environments.
“The dramatic spike in OT and ICS cybersecurity incidents calls for organisations to take immediate action to improve their cybersecurity posture or they risk becoming the next victim of a breach,” warns Sid Snitkin, vice-president of Cybersecurity Advisory Services at the ARC Advisory Group. “The threat landscape for industrial organisations is constantly evolving, and the cost of a breach can be devastating to organisations and critical infrastructure. The report’s findings underscore the urgent need for organisations to implement more sophisticated cybersecurity strategies.”
For the report, the Cyentia Institute analysed data from 122 cybersecurity events that occurred around the world between 1982 and 2022.
Rockwell Automation: Twitter LinkedIn Facebook
Cyentia Institute: X LinkedIn Facebook
