Good OT Security Tidings for 2024

What better way to start 2024 than a recap of what happened in 2023! Let’s have a look at some of the highlights from our partner, Fortinet’s 2023 State of Operational Technology and Cybersecurity Report to assess the trends.

Significant Improvements, But…

While the number of organizations that did not incur a cybersecurity intrusion improved dramatically YoY – from 6% in 2022 to 25% in 2023 – there is still significant room for improvement. After all, three-fourths of OT organizations reported at least one intrusion during the last year. In addition, about one-third of respondents reported being victimized by a ransomware attack (unchanged from 2022) while intrusions from malware and phishing increased 12% and 9%, respectively.

Attack Surface is Expanding

When a cyberattack occurred last year, nearly one-third (32%) of respondents indicated that both IT and OT systems were impacted—up from only 21% last year. The growing integration of IT and OT networks and data account for the increase. We expect more of it in the year ahead.

To combat intrusions, OT security professionals are upgrading the cybersecurity solutions and services in their industrial networks. Investments in cyber defenses grew in direct proportion with the volume and intensity of OT threats and cyber actor activities. That’s a good sign.

2023 Was a Busy Cyber Year Across the Board

The cost of successful cyberattacks continues to escalate. Here are examples of major attacks and their financial and other effects on ICS/OT/industrial enterprises over the past year:

1. Dole Food Company production shutdown – $10.5M direct cost.
2. SAF-Holland ransomed by BlackCat (ALPHV) – 3-month production backlog costing €41M.
3. GhostSec exploitation of controllers at Galil Sewage, Israel – Disabled an HMI water pump for 1 day.
4. Network intrusion at Baden Steel Works (BSW) – Production shutdown in a plant with 850 employees.
5. Americold ransomware attack – Shutdown of all 250 warehouses for 1 week, breached info on 30K employees.
6. Sandstorm near-miss on Danish critical energy – Narrowly avoided compromising all 22 companies’ OT networks.
7. Lockbit ransomware infects pharma giant, Granules India – Shutdown production for 40+ days.
8. Brunswick Corporation productivity sinks due to cyberattack – $85M due to halted production at several sites for 17 days.
9. Scattered Spider caused chaos at MGM Resorts – $100M revenue lost and $10M in direct costs due to shutdown of 19 sites over 10 days.
10. Attack freezes DP World’s 4 Australian ports – A 10-day backlog of 30K containers.
11. Unitronics PLC CVE-2023-6448 – Outages at 160 households over two days.

Recommendations for Surviving the Cyber Wars in 2024

The pressure on the security of industrial and critical infrastructure operations is getting stronger. What should you do to survive in the highly competitive battle against cyberthreat actors especially in light of the impending NIS2 Directive and new SEC cyber regulations?

1. The first step is to run a Radiflow Security Benchmark to get a complete picture of your OT cybersecurity posture and to see how it stands in comparison with peer industrial organizations in your region and industry.
2. Next, we call your attention to Radiflow ICS security solutions that combine a very rich suite of integrations with complementary solutions, delivering superlative coverage, including secure remote access, CMDB, network security, and SOC systems. These consititute all five of the SANS ICS Cybersecurity Critical Controls for the OT/ICS environment.

SANS – Five ICS Cybersecurity Critical Controls

3. Contact a Radiflow OT Security Expert to help you assess and manage risk in your OT environment according to the requirements of NIS2, IEC62443, etc.

Radiflow’s data-driven CIARA uses Machine Learning and other AI techniques to simulate hundreds of commonly-used security controls against relevant known threats, factored against common OT risk scenarios such as loss of availability, loss of control, damage to property, etc. CIARA quantifies the risk of a given attack to your operations and recommends the most cost-effective mitigation measures.

How close are you to NIS2 and IEC62443 compliance?  What should you do to close the gaps? CIARA will figure it out and tell you.

In the dynamic OT risk environment, once-a-year risk assessments are not enough. CIARA is automatic and works fast. You can run it as often as you like.Your organization can deploy the CIARA Risk Management solution or engage Radiflow’s Risk Management Services to run CIARA for you while you enjoy the cyber-risk benefits.

CIARA calculates and displays risk per site and overall

4. Implement a leading threat detection platform to monitor and protect your operations.

The Radiflow OT threat detection and monitoring platform, iSID, is designed specifically for the cyber-protection of industrial control systems (ICS) and critical infrastructure environments. Deployed by numerous industrial companies and operators of critical infrastructure, iSID continuously secures ICS networks, assets, and operations, delivering:

• Central Management of Security across Regions and Sites
• ICS Network and Asset Visibility
• Prompt Threat Detection
• Effective Response
• Reduced Downtime and Disruption

Your organization can deploy iSID or engage Radiflow’s MDR Services to run it for you remotely.

Monitor the cybersecurity of all your sites from a central location

A Secure 2024

The trends are clear: more cyberthreats and more regulations requiring an increasingly robust security posture.  We’re here to help with leading solutions and services. Contact Radiflow to secure your operations, minimize risk, and comply with the new regulations.