Cyber attacks getting more dangerous – report

By 2025, cyber attacks will have weaponized operational technology environments so hackers can harm or kill humans, marketing and research firm Gartner says in a report. The company predicts that the financial impact of attacks or cyber-physical attacks resulting in fatal casualties will be more than USD 50 billion by 2023.

The company predicts that most CEOs will be personally liable for such incidents. Gartner recommends a ten-point security plan and that companies pay more attention to the protection of humans.

“Attacks on OT – hardware and software that monitors or controls equipment, assets and processes – have become more common. They have also evolved from immediate process disruption such as shutting down a plant, to compromising the integrity of industrial environments with intent to create physical harm”, Gartner said.

“Other recent events like the Colonial Pipeline ransomware attack have highlighted the need to have properly segmented networks for IT and OT.”

RISK MANAGEMENT CHANGE

“In operational environments, security and risk management leaders should be more concerned about real world hazards to humans and the environment, rather than information theft,” said Wam Voster, senior research director.

According to the report, security incidents in OT and other cyber/physical (CPS) have three main motivations: actual harm, commercial vandalism (reduced output) and reputational vandalism (making a manufacturer untrusted or unreliable

SECURITY CONTROLS

Gartner recommends that organizations adopt a framework of 10 security controls.

1. Define roles and responsibilities. Appoint an OT security manager for each facility.
2. Ensure appropriate training and awareness. Employees at each facility must be trained to recognize security risks, the most common attack vectors and what to do in case of a security incident.
3. Implement and test incident response. Ensure each facility implements and maintains an OT specific security incident management process.
4. Backup, restore and disaster recovery. Ensure proper backup, restore and disaster recovery procedures are in place. To limit the impact of physical events such as a fire, do not store backup media in the same location as the backed up system..
5. Manage portable media. Create a policy to ensure all portable data storage media such as USB sticks and portable computers are scanned,
6. Have an up-to-date asset inventory.
7. Establish proper network segregation.
8. Collect logs and implement real-time detection. Appropriate policies or procedures must be in place for automated logging and reviewing of potential and actual security events.
9. Implement a secure configuration process.
10. Formal patching process.