The frequency of cyberattacks on industrial operations has increased in recent years, with ransomware attacks particularly acute in Saudi Arabia, according to KPMG's latest publication on Industrial cyber defense.
The cybersecurity threat to industrial operations has rapidly evolved and expanded over the last year. This is due to several factors, including a shift to more engineering and maintenance remote activities, more remote operation work on production lines and incomplete digitalization efforts.
"Despite the growing threat and public pressure, organizations remain unprepared. Organizations may be facing a paradox of choice. The cybersecurity industry includes myriad services, many of which are relatively new and sometimes untested. Confounded by choices, many organizations end up unprotected," commented Hossain Alshedoki, IT/OT Cybersecurity ENR Lead, KPMG in Saudi Arabia.
Over time, ransomware attacks have become more sophisticated and have changed to achieve their ends by different methods. Additionally, these attacks have increasingly targeted the Industrial Control System (ICS) environments such as oil and gas, and manufacturing.
Ransomware attacks on operational technology (OT) networks soared fivefold from 2018 to 2020. Out of these, manufacturing entities comprised over one-third of confirmed ransomware attacks on industrial organizations, followed by utilities.
The estimated costs of these ransomware attacks skyrocketed — climbing from US $8 billion in 2018 to US $11.5 billion in 2019 and hitting US$20 billion in 2020.
Furthermore, a study by (CS)²AI and KPMG, the Control System Cyber Security Survey 2020 indicated that 10 to 20 percent of respondents did not know whether these components (PLCs, IEDs, RTUs, HMI, Servers, Workstations and Historian) were remotely accessible.
Given the current threat landscape, organizations need to take action today and be better prepared for the evolving threat. Consequently, cyber PHAs - a risk mitigation methodology that helps facilitate a holistic cyber PHA exercise - should resultingly evolve along with the evolving nature of industrial cybercrime.
"Risk assessment teams must be aware of the changing threat landscape and update their work processes and templates in line with those changes. Cyber PHAs should link realistic threat scenarios – that consider new kinds of industrial cyberattacks – with known vulnerabilities and existing countermeasures," said Alshedoki.
A cyber PHA, typically performed in phases, is scalable and can be applied to individual systems or entire facilities or enterprises. While the benefits of cyber PHA are numerous, the most obvious benefit is system security.
A cyber PHA methodology, when implemented correctly, instills practices throughout an industrial system that will prevent most cyberattacks, Alshedoki stated.
"Cyber PHA benefits an organization's broader business practices. Applying a cyber PHA methodology documents an organization's business processes and requires the creation of integrated information security policies, procedures, standards, and controls used within an organization," he concluded.