The last three years have been marked by the emergence and media coverage of particularly virulent cyber security attacks. In this context, the industrial sector has been targeted. Examples include the Shamoon attack in the Middle East and Southern Europe in the gas, oil and telecom sectors, the Triton attack on industrial control systems and the Stuxnet attack targeting a uranium plant.
by Julien Tarnowski, Managing Director France at ForeScout
These numerous attacks have disrupted cybersecurity codes: they could have had a physical impact on the victim companies. In 2009, Stuxnet was the first cyber attack to damage the physical facilities of the targeted institutions. Since then, attacks aimed at sabotaging/destructing industrial installations; power plants, refineries, factories, etc., have multiplied. The latter showed us that hackers did not lack the ingenuity to reach their goal, whether it was a data theft, a denial of service attack, the destruction of a computer system, the shutdown of industrial production or others.
What are the Major Trends that Manufacturers Need to Prepare for this Year in Terms of Cyber Risks?
With the increasing convergence of operational (EO) and IT technologies, industrial systems are likely to be targeted again in 2019. The concept is not new, but as the attack surface continues to grow, the probability that an attack will succeed in causing serious physical impact increases as well. Before this convergence became widespread, computer attacks had a relatively limited impact in the physical world. Their crime took the form of bank information theft or the compromise of personal data.
However, today, faced with the volumes of private and sensitive data processed in medical and hospital establishments, the public health sector will be among the most monitored by malicious actors on the Internet. Due to the financial problems faced by healthcare professionals, some security breaches will in fact persist, while at the same time the vectors of attacks will be both more personalized and more ingenious. Hackers will double their efforts to implement new attack scenarios and exploit data in a much more creative way. Those targeting the network of health sector organizations will also expose millions of people to varying degrees depending on their nature. In addition, ransomware attacks will continue to provide unauthorized access to millions of personal files, just as social engineering will remain a way to compromise the security of electronic health records.
At a time when digital is spreading to cities through the popularization of Smart City, malicious actors are following in its footsteps. Building Automation Systems (BAS) are like a lever for them to orchestrate major public ransomware attacks. However, as the adoption of smart cities and buildings continues, there will be an increase in the volume of malicious activity and the severity and damage caused.
As you will have understood, cybercriminals are not lacking and will not fail to rely on emerging technologies, such as artificial intelligence, to develop new attack procedures.
The Resistance is Getting Organized!
While organizations continue to face a significant shortage of cybersecurity skills, the emergence of artificial intelligence, with its ability to automate certain tasks, is a real asset for them. With its gradual integration into the security policies of organizations, new roles are expected to emerge in this area. In this context, human-machine collaboration will be essential to stay one step ahead of these opponents.
This year therefore heralds the beginning of a decisive new era in cybersecurity. In this race for speed, will hackers or organizations be able to capitalize sufficiently on technological innovations and stand out? Let’s bet that the adage “strength is strength” inspires professionals and that they are the first to do so.