What is OT and IT?
Operational Technology (OT) cyberattacks tend to have higher, more negative effects than those in Information Technology (IT) do, as they can have physical consequences (for example, shutdowns, outages, leakages, and explosions). Of 64 OT cyberattacks publicly reported in 2021 (an increase of 140 percent over the number reported in 2020), approximately 35 percent had physical consequences, and the estimated damages were $140 million per incident. Geopolitical risks in 2022 resulted in an 87 percent increase in ransomware incidents, with 72 percent of the overall rate increase over the 2021 figures coming from Europe and North America (40 percent more in North America, 32 percent more in Europe, and 28 percent more in other continents, compared with 2021 data).
How it happens
Cyber attackers (Hackers) often use ransomware and less-secured third-party connections to hijack OT devices, an action that can stop production and operations. Industrial organizations typically face technical and operational challenges, including the following, when trying to protect against such attacks:
- Legacy systems, which can be 30 or more years old, with old vulnerabilities and limited security controls.
- Limited ability to implement security controls on legacy OT devices supplied before cybersecurity became an issue and managed by OEMs (for example, sensors installed on valves and connected to a network without internal hardening procedures)
- Third-party remote connections to control OT devices connected to an internal network (for example, attackers can strike a vendor-created network and use it to infect other devices)
- Unclear ownership between OT and IT teams makes it difficult to centralize, manage, and govern OT cyber operations (for example, integration of manufacturing execution systems with enterprise resource planning without the introduction of a 3.5 demilitarized zone).
- Risk awareness versus risk tolerance leads to competing business priorities for OT decision-makers who need to decide between increasing productivity and securing devices (for example, increased production versus patch management that could cause an interruption in operations)
- Shortage of combined cybersecurity and automation skills with the required cybersecurity and automation-control-system-specific experience (for example, an expert in OT cybersecurity but lacking automation and process expertise)
- Business, operational, and technical restrictions that mean a continuous process may run for three years before a planned shutdown, which limits the ability of OT teams to patch devices and implement time-sensitive solutions (for example, stopping an energy supply to update an operational server with a security patch)
How we can help
At Dark Rhino Security we are invested in OUTCOMES, period! We understand, control and materially reduce risk from your ICS/PLC system (OT) but also all of the IT systems as well. Combine this experience and expertise with a first-party $1M insured guarantee and you can begin to see the insight we bring to your organization.