Cyber attacks up 89% on electricity, manufacturing, oil and gas firms
Trend Micro Incorporated’s new research has revealed over 89 per cent of electricity, manufacturing, oil and gas companies have experienced cyber attacks impacting production and energy supply over the past 12 months.
The study findings have highlighted the impact of threats to ICS/OT environments a year after the Colonial Pipeline ransomware attack, which forced OT systems of the provider offline for several days, which led to major fuel shortages up and down the US East Coast. It is still the largest critical infrastructure (CNI) attack of its kind.
To compile its new study, Trend Micro polled 900 ICS cyber security leads in Germany, the US, and Japan's manufacturing, oil and gas, and electricity sectors.
Around half of the industrial sector organisations affected by CNI attacks do not always have sufficient resources or knowledge in place to defend against future threats regardless of efforts made aimed at improving cyber security infrastructures.
According to Mick McCluney, technical director at Trend Micro, industrial locations going digital across the globe to drive sustainable growth has invited a deluge of threats which they are ill-equipped to mitigate, causing major financial and reputational damage.
"Managing these heavily networked IT and OT environments effectively requires an experienced partner with the foresight and breadth of capabilities needed to deliver best-in-class protection across both environments," McCluney added.
Out of the responding organisations that suffered cyber disruption to their operational technology and industrial control systems (OT/ICS), the average financial damages amount to approximately $2.8 million, with the oil and gas industry suffering the most.
Almost three-quarters (72 per cent) of respondents admitted they experienced cyber disruption to their ICS/OT environments at least six times during the year.
The Trend Micro research also found that:
- 40 per cent of respondents could not block the initial attack;
- 48 per cent of those who say there have been some disruptions do not always make improvements to minimise future cyber risks; and
- future investments in cloud systems (28 per cent) and private 5G deployments (26 per cent) were the top two drivers of cyber security among respondents.
The OT security function tends to be less mature than IT on average in terms of risk-based security.
The addition of cloud, edge, and 5G in the mixed IT and OT environments has rapidly transformed industrial operations and systems. It has become a necessity for organisations to stay ahead of the curve and take security measures to protect business assets. According to the Trend Micro team, improving risk and threat visibility is a first step to a secure industrial cloud and private network.
[Related: The top 3 tax-time scams Aussies should avoid]