(844) 627-8267
(844) 627-8267

Physical world meets digital world: Where cybercrime coalesces | #cybercrime | #infosec

U.S. Cyber Command. — The U.S. Air Force

In our modern world, societies rely heavily on chemical manufacturing at both an industrial and consumer level. Yet the industry is increasingly under threat in the digital world; cyberattacks in the sector accounted for nearly a quarter of the global total in 2022.

The monetary cost alone should spark concern, but a sudden shutdown following a cyberattack could mean a worst case scenario becoming reality. It is for this reason that the industry’s protection is crucial. While physical threats pose a danger, threats in the digital sphere fly under the radar, despite carrying potentially devastating consequences affecting both the physical and digital world.

These issues have recently been examined by Mark Clark, VP Sales EMEA North at Onapsis. Clark has been considering how these firms can protect themselves and us from a cyberattack.

Such attacks are becoming increasingly common and sophisticated. A 2021 UK government study, for instance, found that attacks on the chemical industry cost £1.3 billion. Over the years, such attacks have targeted an increasingly varied number of players in the industry.

EU industry commissioner Thierry Breton said cybersecurity risks had informed the European Commission’s decision to ban TikTok on work devices – Copyright AFP Manjunath KIRAN

According to Clark: “In 2017, for example, attackers were able to gain control of vital safety systems at a petrochemical plant in Saudi Arabia. Drug manufacturers, chemical distributors, and even hazardous waste sites are among the other players in the sector to have been impacted by attacks. In January, meanwhile, hackers launched multiple attacks on Israeli chemical factories.” 

Clark further finds: “While no attacks have so far had devastating consequences, the growing sophistication of cybercriminals tied with an increasingly tense geopolitical environment mean that the nightmare scenario is probably closer than it’s ever been. It’s critical, therefore, that chemical manufacturers do everything in their ability to bolster their defences against cyberattacks.”

Increasingly attractive targets

Clark says “It’s worth looking at some of the reasons they’re becoming increasingly prominent targets for attack.”

Expanding on this, Clark adds: “Some of the reasons are obvious. For example, chemical manufacturers know how bad the worst-case scenario could be. As a result, when a cybercrime syndicate takes over a plant, they’d probably be more inclined to meet any of the demands that come with a ransomware attack.”

In terms of the drivers, Clark considers: “Manufacturing as a whole is becoming increasingly digitised. There are obvious merits to that process. Digitalisation has improved processes and efficiency, but it’s also increased the number of entry points that hackers can use to target organisations. It should hardly be surprising then that manufacturing is the most attacked industry, accounting for nearly a quarter of all cyberattacks in 2022.”

Looking wider, Clark expands to: “It’s also worth noting that as geo-political tensions between major powers continue to ramp up, chemical manufacturers will likely become even more lucrative targets for state-backed cybercriminals. Those state-sponsored actors will also know which manufacturers to target in order to do the most damage to enemy states, whether that’s fertiliser manufacturers, pharmaceutical producers, or food producers. These innocuous ingredients in the wrong hands of course can become weaponised, which is why such highly regulated industries need to have appropriate safeguards in place.”

Western allies initially feared a tsunami of cyberattacks against Ukraine's military command and critical infrastructure
Western allies initially feared a tsunami of cyberattacks against Ukraine’s military command and critical infrastructure – Copyright DANISH DEFENCE/AFP Handout

Building the right defences

While cybercriminals are becoming more sophisticated, so are cybersecurity defences. Here Clark raises: “In addition to identifying new threat vectors, leading cybersecurity companies are also constantly identifying new defensive innovations and techniques. But it’s important for manufacturers to partner with the cybersecurity companies that are identifying those threats and creating those new defences.”

Looking into some of the root causes, Clark draws on: “In many places, that hasn’t always been a priority for manufacturers. A US report released in May 2020, for instance, noted the Chemical Facility Anti-Terrorism Standards (CFATS) programme within the Department of Homeland Security found that the relevant guidance hadn’t been updated in more than 10 years.  Of course, a good security provider will go further than just identifying threats and providing basic defence. It will also secure cloud, hybrid, and on-premise business-critical applications and offer proactive vulnerability management, threat detection and response, compliance automation, and application security testing across applications.”

Further with planning, Clark says: “Beyond that, they’ll also work with an organisation to ensure that it has a proper response plan in place in the event of a successful attack. Such a plan will help the organisation minimise any business interruptions and get back up and running as quickly as possible. That not only saves time but also money and the reputation of the organisation among both customers and the wider public. In other words, many possible nightmare scenarios instead become incidents that are easily managed and dealt with.”

Act now or pay the price later

In terms of prioritization, Clark offers: “Ultimately, cybercrime rates aren’t likely to decrease anytime in the near future (especially if there isn’t also a dramatic cooling off of diplomatic temperatures around the world). That means that chemical manufacturers will continue to be attacked in increasingly sophisticated ways. It is important to note that chemical manufacturing is vital to many facets of our daily lives. As such, they should be urgently looking to bolster their cyber defences particularly to avoid punitive penalties from regulations like ITAR and EAR.”

Clark’s final advice is: “The best way of doing so is to partner with cybersecurity providers that have expertise in their fields, understand threat detection and response, can protect critical business applications, and can help them develop and implement response plans in the event of a successful attack.”

Source link


Click Here For The Original Source.

National Cyber Security