Cyberwar is Changing – is Your Organization Ready?

Some say that a global cyberwar has been raging for many years, and that the latest geopolitical instability, together with the malware and intellectual property theft campaigns originating from Russia, China, Iran and North Korea against Western and NATO nations (and vice versa), is simply a continuation of that silent cyberwar. In other words, the argument goes, nothing has changed, and there is nothing to worry about unless you are aligned with a targeted state.

However, a lot has changed. Today's cyberwar targets extend well beyond state entities and impact organizations around the world.

In fact, cyber-attacks against critical infrastructure, manufacturers and tech firms have become so common that CISA has implemented its ‘Shields Up’ advisory, providing updates on how Russia’s ongoing actions are impacting organizations beyond the immediate warzone, along with guidance for preventing cyber-attacks.

Industrial and Manufacturing Are Top Targets

Recently, attackers have pivoted toward the operational technology (OT) and industrial control systems (ICS) of manufacturers that supply every industry.

The two most notable recent examples are the ransomware attack on Bridgestone Americas and a suspected cyber-attack on Japan-based Toyota plants. The latter happened on the same day Japan joined Western countries in restricting transactions with the Central Bank of the Russian Federation. Note, however, that bad actors are often driven by monetary reward rather than geopolitics alone.

Attacks on critical infrastructure increased by 3900% from 2013 to 2020, and 55% of OT security practitioners rate ransomware as the #1 threat to OT systems, double the percentage that rated it as the #1 threat in 2019. Why?

For one, ransomware gangs like Conti have emerged: Conti extorted at least $180m from victims in 2021, around double the amount extorted by DarkSide/BlackMatter, the group responsible for the well-known attack on Colonial Pipeline. Ransomware is proving to be very profitable for bad actors.

Whereas aggressors once sought plausible deniability in their attacks, many now seem to pursue cyberwarfare against consumer services, critical infrastructure, hospitals and the like with impunity. Today, cyberwarfare is the most convenient, asymmetrical and cost-effective way for countries and bad actors to conduct warfare.

Cyber Resilience Is Key

Continued migration to the cloud, the move to mobile and BYOD, the convergence of IT/OT/IoT and the sharp increase in remote working have changed how we must approach cybersecurity. As the number of connected devices in the workplace and manufacturing plants grows, the IT/OT and security tools previously relied on are becoming ineffective. 

Given the unprecedented geopolitical situation, every critical infrastructure and OT organization should, at the bare minimum, be able to answer these questions:

  • What is connected to my network?
  • What are these devices doing while connected?
  • Are there active exploits crossing my enterprise?
  • What is the risk posture of our devices and our organization?

Visibility Gaps

Many organizations do not have the required insight and visibility into their infrastructure, nor do they have all the policies and processes needed to respond effectively to an attack. Blind spots you have not identified make a significant, successful attack more likely.

Ideally, you should know every process in the organization and lay them out on a virtual map. That map includes every connected IT and OT asset, managed and unmanaged, within and around the enterprise, as well as the network equipment and related devices that connect to it. Once the map is established, behavior-based threat detection can compare live activity against the expected patterns, detect anomalies in real time and allow for swift action.

It only takes one missed asset to suffer an intrusion, and organizations with a comprehensive view of all assets respond far more quickly and effectively. Every time a new high-severity vulnerability or CVE is published, vulnerability analysts can cut to the chase and quickly determine the total risk it poses to the business from the set of impacted assets. Based on that business risk, they can then decide which assets should be remediated first (where a fix exists), quarantined or even taken offline.
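The four questions listed under "Cyber Resilience Is Key" and the map-then-triage approach just described can be sketched in code. The Python below is an added illustration written for this article, not code from the original piece or from any vendor's product: every host, address, vendor, product name, version and the advisory in it are constructed placeholders, and the risk weights are illustrative. It answers "what is connected?" by comparing addresses seen on the wire with the inventory, "what are they doing?" and "are exploits crossing my enterprise?" by flagging flows outside a learned baseline, and "what is our risk posture?" by matching a newly published advisory against inventoried product versions and ranking the hits for remediation, quarantine or removal from the network.

```python
# Constructed example: all hosts, addresses, vendors, versions and the advisory are placeholders.
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

Flow = tuple[str, str, int]  # (src_ip, dst_ip, dst_port)
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # hypothetical plant address space
# fixed_in is the first patched version, or None while no fix exists.
Advisory = namedtuple("Advisory", "vendor product fixed_in cvss exploited_in_wild")

@dataclass(frozen=True)
class Asset:
    ip: str
    hostname: str
    vendor: str
    product: str
    version: str
    criticality: int  # 1 (convenience) .. 5 (production/safety critical)
    managed: bool     # True if a patch process can actually reach the device

# What we *believe* is connected.
INVENTORY = [
    Asset("10.10.1.5", "hmi-line1", "AcmeOT", "HMI-Suite", "4.2.1", 5, False),
    Asset("10.10.1.9", "plc-gw-1", "AcmeOT", "HMI-Suite", "4.3.0", 5, True),
    Asset("10.20.3.7", "eng-ws-2", "AcmeOT", "HMI-Suite", "4.1.0", 3, True),
    Asset("10.30.0.12", "file-srv", "Contoso", "FileShare", "2.8", 2, True),
]
# Who normally talks to whom, learned during a known-good period.
BASELINE_FLOWS: set[Flow] = {
    ("10.10.1.9", "10.10.1.5", 502),   # gateway polls the HMI over Modbus/TCP
    ("10.20.3.7", "10.10.1.9", 443),   # engineering workstation manages the gateway
    ("10.30.0.12", "10.20.3.7", 445),  # file server serves the engineering LAN
}
# What the current capture window actually shows.
OBSERVED_FLOWS: list[Flow] = [
    ("10.10.1.9", "10.10.1.5", 502),
    ("10.20.3.7", "10.10.1.9", 443),
    ("10.10.1.77", "10.10.1.5", 502),   # uninventoried device speaking Modbus to the HMI
    ("10.10.1.5", "203.0.113.8", 443),  # the HMI reaching an external address
]
# A critical, actively exploited bug in the HMI product, fixed in 4.2.3.
ADVISORY = Advisory("AcmeOT", "HMI-Suite", "4.2.3", 9.8, True)

def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL_NET

def version_key(version: str) -> tuple[int, ...]:
    """Compare numerically so that 4.10 sorts after 4.2 rather than before it."""
    return tuple(int(part) for part in version.split("."))

def unknown_devices(inventory: list[Asset], flows: list[Flow]) -> set[str]:
    """Q1 (what is connected?): internal addresses on the wire that the inventory lacks."""
    known = {a.ip for a in inventory}
    return {ip for src, dst, _ in flows for ip in (src, dst) if is_internal(ip)} - known

def flag_anomalies(inventory: list[Asset], baseline: set[Flow],
                   flows: list[Flow]) -> list[tuple[Flow, str]]:
    """Q2/Q3 (what are devices doing, is anything crossing the network?):
    flows outside the baseline, each tagged with why it matters."""
    known = {a.ip for a in inventory}
    findings = []
    for flow in flows:
        if flow in baseline:
            continue
        src, dst, _ = flow
        if not is_internal(dst):
            reason = "internal asset contacting external address"
        elif src not in known or dst not in known:
            reason = "peer missing from inventory"
        else:
            reason = "new internal flow outside baseline"
        findings.append((flow, reason))
    return findings

def impacted_assets(inventory: list[Asset], adv: Advisory) -> list[Asset]:
    """Q4 (risk posture): inventory entries running an affected version of the product."""
    return [a for a in inventory if (a.vendor, a.product) == (adv.vendor, adv.product)
            and (adv.fixed_in is None or version_key(a.version) < version_key(adv.fixed_in))]

def risk_score(a: Asset, adv: Advisory) -> float:
    """Illustrative weighting: severity times business criticality, bumped for active
    exploitation and again for devices that no patch process can reach."""
    score = adv.cvss * a.criticality * (1.5 if adv.exploited_in_wild else 1.0)
    return round(score * (1.2 if not a.managed else 1.0), 1)

def recommend(a: Asset, adv: Advisory) -> str:
    """The article's three outcomes: remediate first, quarantine, or take offline."""
    if adv.fixed_in is not None and a.managed:
        return "remediate"      # a fix exists and we can deploy it
    if adv.exploited_in_wild and not a.managed:
        return "take offline"   # cannot patch it and exploitation is active
    return "quarantine"         # isolate until a fix or a patch path exists

def triage(inventory: list[Asset], adv: Advisory) -> list[tuple[str, float, str]]:
    """Impacted assets ranked by business risk, highest first."""
    rows = [(a.hostname, risk_score(a, adv), recommend(a, adv))
            for a in impacted_assets(inventory, adv)]
    return sorted(rows, key=lambda r: r[1], reverse=True)
```

Running `triage(INVENTORY, ADVISORY)` ranks the unpatchable plant-floor HMI first with "take offline" and the patchable engineering workstation second with "remediate", while the gateway already on 4.3.0 and the unrelated file server drop out; `unknown_devices` surfaces the uninventoried 10.10.1.77, and `flag_anomalies` separates the unknown Modbus peer from the HMI's outbound connection. Two points matter in practice: `version_key` exists because comparing version strings lexically would put 4.10 before 4.2 and silently misclassify assets, and whether a recommendation to isolate or shut down a production device is acted on remains an operations decision; the code only ranks.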

Mapping out all processes and assets is also vital to recovery during a cyber intrusion. Following an attack, organizations can sometimes go down for a day or two, and in unusual cases it can take months to get back in business. Companies should also seek assurance from independent auditors that their infrastructure can rapidly recover after a cyber-attack.

Overall, best-in-class cyber asset visibility, backed by capable security partners or providers, is crucial to any organization's future security, safety and profitability in this age of cyberwarfare, where any organization can be a target.
