Virtualization Technology News and Information
NanoLock Security 2024 Predictions: Cyberattack Growth Against Critical Infrastructure & Factories


Industry executives and experts share their predictions for 2024.  Read them in this 16th annual series exclusive.

Cyberattack Growth Against Critical Infrastructure & Factories

By Eran Fine, CEO and Co-founder of NanoLock Security

As worldwide financial instability continues, most regions will see a massive surge in cyberattacks in the industrial sector.

While ransomware is more commonly reported as the main avenue of cyber attacks, OT (operational technology) attacks are significantly more impactful. Most organizations have more focus on IT and less of a focus on OT , however, OT attacks can have the most impact - completely shutting down production.

And things are just going to get worse.

Large and mid-size companies - who don't have the same budgets as enormous multinationals - will be particularly attractive targets as they will find it hard to protect their offshore sites and maintain good practice among their large number of employees and suppliers. The sectors that will be most targeted are the energy, food, chemicals, and distribution/logistical centers.

Nation-state actors are getting more aggressive with their targeted attacks. China and the United States are fighting semiconductor wars; therefore, companies that produce critical rare earth materials will become a clear target.

It will be the same with energy companies and even food and beverage manufacturers and suppliers as attacking those sectors will impact demand and dependencies on a wider scope, affecting everyone from local producers to nationwide suppliers.

In addition, when the global military conflicts slow down, Russia, Iran, and North Korea will need to find other ways to keep their cyber attack teams busy, so expect a massive increase in infrastructure and manufacturing attacks.

Slow and Fast Approaches to OT

In the United States, the regulatory environment is still lagging behind the rest of the world. Many of the new cybersecurity regulations are actually "recommendations," when it comes to OT security. However, the number of attacks in the OT sector are going to seem to double, triple, or even quadruple, not because the percentage of attacks has necessarily gone up, but because some of the new US regulations mandate reporting of cyber incidents.

This may lead to a Y2K moment in OT security. Right now, it seems as if it is a problem that's far away, so it isn't a priority. However, a major incident will occur with even broader reach than the Colonial Pipeline attack - perhaps significant loss of life or a countrywide issue - and then it will be a mad rush to implement OT security.

The Role of AI

The rapid development and exponentially lower cost of AI benefits threat actors as well. As AI gets more efficient, it will be very easy to buy and use "plug-and-play" automated attacks. One or two threat actors can now do the work of many.

The large language models make it easy to translate attacks, so multilanguage programming barriers will disappear. The same attack built for an English-speaking nation can be effectively translated into multiple languages, allowing threat actors to increase the breadth and depth of their attacks - and their wealth.

Threat Actors' Effect on Business Operations

The C-level will start to change its discussions from just IT to focus on OT, especially under pressure from the major consulting companies like KPMG, PWC, Deloitte, and EY, that will be pushing OT network modernization. Therefore, risk officers and CFOs will pay more attention to the risk posture of OT network and need to increase budgets accordingly.

However, the complexity of OT security implementations may be more challenging than the existing IT and cyber teams can handle, so the big four and other OT security companies may see increased budgets from their clients.

Some of those budgets may need to be spent, though, on change communications, as the security teams and the plant managers may not see eye-to-eye on how to implement stronger OT security.

The Future of OT Security Generally

IT security, OT, security, IoT security - eventually those monikers will fall away, and cybersecurity will just be cybersecurity, in the most universal sense. It will cover every aspect of a business, from remote endpoints to the machines on the factory floor. It will continuously be a fight to stay one or two steps ahead of the threat actors, who benefit from technological advancement as much as the production lines.

It's a long-held truism that a cyberattack is a when, not an if, for every organization. Prevention needs to become a larger factor than mitigation and investigation. It will happen, but it is going to take time.




Eran Fine is CEO and co-founder of NanoLock Security, which provides device-level, zero-trust OT cybersecurity, preventing outsider, insider, and supply chain events in mission-critical industries. Eran is an entrepreneur and senior manager with more than 20 years of international experience in founding, managing and leading high-tech companies. Previously, Eran was the founder and CEO of OREE¸ which was subsequently sold to JUGANU.

Published Friday, October 20, 2023 7:00 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<October 2023>