Industry executives and experts share their predictions for 2024. Read them in this 16th annual VMblog.com series exclusive.
Cyberattack Growth Against Critical Infrastructure & Factories
By Eran Fine,
CEO and Co-founder of NanoLock Security
As worldwide financial instability continues, most
regions will see a massive surge in cyberattacks in the industrial sector.
While ransomware is more commonly reported as the main avenue of
cyber attacks, OT (operational technology) attacks are significantly more
impactful. Most organizations have more focus on IT and less of a focus on OT ,
however, OT attacks can have the most impact - completely shutting down
production.
And things are just going to get worse.
Large and mid-size companies - who
don't have the same budgets as enormous multinationals - will be particularly
attractive targets as they will find it hard to protect their offshore sites
and maintain good practice among their large number of employees and suppliers.
The sectors that will be most targeted are the energy, food, chemicals, and
distribution/logistical centers.
Nation-state actors are getting
more aggressive with their targeted attacks. China and the United States are
fighting semiconductor wars; therefore, companies that produce critical rare
earth materials will become a clear target.
It will be the same with energy
companies and even food and beverage manufacturers and suppliers as attacking
those sectors will impact demand and dependencies on a wider scope, affecting
everyone from local producers to nationwide suppliers.
In addition, when the global military
conflicts slow down, Russia, Iran, and North Korea will need to find other ways
to keep their cyber attack teams busy, so expect a massive increase in infrastructure and manufacturing
attacks.
Slow and Fast Approaches to OT
In the United States, the regulatory environment is still lagging behind
the rest of the world. Many of the new cybersecurity regulations are actually
"recommendations," when it comes to OT security. However, the
number of attacks in the OT sector are going to seem to double, triple, or even
quadruple, not because the percentage of attacks has necessarily gone up, but
because some of the new US regulations mandate
reporting of cyber incidents.
This may
lead to a Y2K moment in OT security. Right now, it seems as if it is a problem
that's far away, so it isn't a priority. However, a major incident will occur
with even broader reach than the Colonial Pipeline attack - perhaps significant
loss of life or a countrywide issue - and then it will be a mad rush to
implement OT security.
The Role of AI
The rapid
development and exponentially lower cost of AI benefits threat actors as well.
As AI gets more efficient, it will be very easy to buy and use "plug-and-play"
automated attacks. One or two threat actors can now do the work of many.
The large language models make it easy to translate attacks, so
multilanguage programming barriers will disappear. The same attack built for an
English-speaking nation can be effectively translated into multiple languages,
allowing threat actors to increase the breadth and depth of their attacks - and
their wealth.
Threat Actors'
Effect on Business Operations
The C-level will start to change its discussions from just IT to
focus on OT, especially under pressure from the major consulting companies like
KPMG, PWC, Deloitte, and EY, that will be pushing OT network modernization.
Therefore, risk officers and CFOs will pay more attention to the risk posture
of OT network and need to increase budgets accordingly.
However, the complexity of OT security implementations may be more
challenging than the existing IT and cyber teams can handle, so the big four
and other OT security companies may see increased budgets from their clients.
Some of those budgets may need to be spent, though, on change
communications, as the security teams and the plant managers may not see
eye-to-eye on how to implement stronger OT security.
The Future of
OT Security Generally
IT security, OT, security, IoT security - eventually those monikers
will fall away, and cybersecurity will just be cybersecurity, in the most
universal sense. It will cover every aspect of a business, from remote
endpoints to the machines on the factory floor. It will continuously be a fight
to stay one or two steps ahead of the threat actors, who benefit from
technological advancement as much as the production lines.
It's a long-held truism that a cyberattack is a when, not an if, for
every organization. Prevention needs to become a larger factor than mitigation
and investigation. It will happen, but it is going to take time.
##
ABOUT THE AUTHOR
Eran Fine is CEO and co-founder of NanoLock Security, which provides
device-level, zero-trust OT cybersecurity, preventing outsider, insider, and
supply chain events in mission-critical industries. Eran is an entrepreneur and senior manager
with more than 20 years of international experience in founding, managing and
leading high-tech companies. Previously, Eran was the founder and CEO of OREE¸
which was subsequently sold to JUGANU.