
Prepare For More Cyberattacks in 2022

Dec. 15, 2021
The cybersecurity threats to expect and what you can do about them.

2021 was a good year for cyberattacks from the criminals’ point of view.

We knew from FBI reports issued in March 2021 that cyberattacks in 2020 increased 69.4% compared to 2019. The U.S. commerce secretary in June made it clear that cyberattacks are at best here to stay and at worst, well, are going to get worse.

This year we saw water supply infrastructures hit in Florida and the San Francisco Bay area; technology companies like Olympus and Kaseya fended off assaults; manufacturers like Global Crane, Kia Motors, Molson Coors, and JBS Foods reported cyberattacks; the massive SolarWinds hack exposed, among other things, the U.S. electric grid; and the attack on Colonial Pipeline threatened the East Coast’s fuel supplies.

“During 2021, a cyberattack occurred every 39 seconds. The world experienced a ransomware explosion, which will likely continue its upward trajectory in 2022,” says Danny Lopez, CEO of Glasswall.

“Attacks like Colonial Pipeline made security tangible for non-security professionals,” says Marty Edwards, VP of Operational Technology at Tenable. “Spikes in gas prices and lines at the pump are something that the everyday citizen, CEO and Congress member can understand. Every board of directors is now interested in what the cyber risk is to their company.”

“Over the past 18 months, manufacturers have had to assess and reassess their operating models, processes and more—just to maintain productivity,” says Jush Danielson at AT&T. “These challenges have evolved into opportunity, as these businesses are taking what they have learned and are accelerating plans to adopt emerging technologies like IoT and 5G to gain visibility into their operations, improve efficiencies in their processes and enable new revenue opportunities. However, initiatives to enhance connectivity and analytics inadvertently expand the attack surface and risk for a breach in an organization’s network.”

So what news on the cybersecurity front ought we to expect to be reading in 2022 and what are the steps manufacturers need to take in order to stay ready for and minimize damage from cyberattacks?

Remote Work Creates Vulnerabilities For Bad Actors To Exploit

“Many organizations were forced into a digital transformation essentially overnight due to COVID-19. Since time was of the essence to move digital for businesses around the globe, security was often an afterthought,” says Jameeka Green Aaron, Chief Information Security Officer at Auth0. “Over the next year, many companies will play catch up to meet security standards for their infrastructure. Those who have not prioritized continuous improvement will fall further behind and struggle in the long run as attacks get more advanced and security needs to be tightened.”

“The shift in labor dynamics brought about by the pandemic will continue to ensure that more work is done remotely,” says Bruce Snell, President of Security Strategy and Transformation at NTT Ltd. “Security organizations will need to be more alert to potential backdoors being put in by well-intentioned IIoT operations staff to allow for remote access but will ultimately be adding an increased security risk. If your plant operations people ask if you can ‘just punch a hole in the firewall,’ don’t just say no, because they’ll most likely find a way around it. Security organizations will need to make better allowances for secure remote access.”

OT Networks Are A Juicy Target For Cyberattacks

“Companies powering the manufacturing sector are acutely aware of how a cyberattack on any part of a supply chain can bring their business to a screeching halt,” says Bindu Sundaresan, Director at AT&T Cybersecurity. “As IT and OT networks continue to converge and the number of IoT devices increases, manufacturers must think of each new connection as a potential vulnerability to their attack surface.”

“For a lot of operational technology, it’s not so much that there are ‘new’ threats, there are usually just pre-existing threats that haven’t been discovered yet,” says Snell. “A lot of IIoT has remained unhacked due to ‘security through obscurity,’ but breaches like the Colonial Pipeline now have more cybercriminals paying closer attention to potential new attack targets.”

“Cybercriminals are rational economic actors and they’re seeing that physical effects of cyberattacks (like those experienced by Colonial Pipeline) can result in 7- and 8-figure payouts,” says Josh Lospinoso, CEO and co-founder of Shift5. “Thanks to the interconnected nature of digital components, operational technology is deeply embedded within the digital landscape.”

“In 2022, we will see threat actors narrow their efforts to capitalize on these issues. These systems were never designed with a witting cyber adversary in mind — they were designed to maximize safety and availability against a wide range of physical operating conditions. We must expect and prepare for an onslaught of cyber-physical ransomware attacks and exploitation of zero-days in OT systems,” continues Lospinoso.

The Human Layer Must Be Aware

“The number one security tool any organization can have is its people. Every person from the back office to the shop floor needs to have at least basic cybersecurity awareness training to help them identify phishing attempts and to know enough to not click on suspicious links or attachments,” says Snell. “Time and time again, the entry point of a breach stems from someone clicking something they shouldn’t have. Just the smallest amount of internal security awareness training can pay huge dividends. Just like physical safety training is a must for any manufacturer, cybersecurity awareness training should be second in importance.”

“Many companies in manufacturing are aware of cybersecurity risks but should do more to mitigate them in 2022,” says Kurt Markley, U.S. Managing Director at Apricorn. “This responsibility is not just with the IT department—everyone in the organization should be accountable for protecting data. Redundancy can help build cyber resiliency in the event of a breach or data-loss event. IT professionals in manufacturing appear to be cautious of technology that poses additional risks but stop short of further protection strategies.”

Third-Party Vendors May Introduce Risk of Cyberattacks

“Manufacturing appears to be more aware of cybersecurity risks than other industries—such as healthcare and education—but other trends still put the industry at risk,” says Markley. “For instance, a recent survey demonstrated that 56% of IT professionals in manufacturing have reported their companies have increased the number of third party vendors. While the industry may be growing weary of disruptions caused by the supply chain, it’s imperative that organizations remain vigilant and implement stringent cybersecurity guidelines, including third-party vendors protocols, data backup guidelines, and cyber resiliency plans.”

“Until now, third-party security risks were most prominent in supply chain attacks like Kaseya and SolarWinds,” says Jyoti Bansal, CEO and Co-Founder of Traceable. “However, in 2022, we will see third-party risks from API integrations increase as cybercriminals increasingly target orphan APIs that are not under central API management. In order to stay ahead of these threats, security teams must be proactive and evaluate their partners’ API security practices.”

Cybercriminals Will Get Even More Crafty

“Rather than targeting and scaling attacks on low-hanging fruit, 2022 will bring new strategies for ransomware operators. They will get more selective about their targets, aiming to strike a balance between making money and dodging a target on their back from law enforcement,” says Edwards. “In order to outsmart this equation, organizations must stop trying to prevent adversaries’ missions and instead prevent them from being worthwhile. In other words, organizations must make sure these missions cost too much to conduct. If the reward doesn’t cover the cost of the investment, threat actors won’t pursue it.”

“Due to their successes, adversaries are going to get craftier in their practices in 2022. The attackers will use a more personalized approach and aim to blend into the network to look like an insider,” says Lopez. “Cybercriminals will target more customer success centers to increase the chances of a big cash payout. Ransomware crime organizations may ask for less and allow for payment flexibility, so they can receive steady income over say 12 to 18 months.”

New Cyberattack Vectors To Prepare For

“As transportation vehicles on roads, rail lines and in the air become more autonomous they are increasingly at risk of cyberattack. Western Australia’s mainline rail network is now fully-automated and more planes and helicopters are unmanned, which means they can be remotely controlled,” says Lospinoso. “Aircraft, trains and ships today run on data which can be remotely accessed. Once an attacker can take control of a transportation operation system or manipulate data on its internal communications network, there’s little to no security. The danger of sabotage and destruction is real. We will need robust security on these systems that lack a human layer of protection.”

“Drones are a very overlooked security concern. As drones increase in commercial use, I predict we will see more hacks directly targeting drones in an attempt to either remotely shut them down or take them over,” says Snell. “As drones become a more common occurrence, providing inspections, site surveys, and other legitimate uses, they can also carry attack tools that could potentially establish a back door into an otherwise secured system. Why risk trying to gain physical access to plant a wireless attack tool in a secured location when you could just fly it in and set it on the roof?”

“In 2022, API attacks will continue to increase, but as organizations place more focus on security, adversaries will meet them with more sophisticated techniques like business logic attacks,” says Bansal. “The central focus will be the flaws in the business logic implementation (APIs), which are entirely different from customer to customer. No two business logic implementations are the same, making it difficult for any one API security solution to provide protection. These implementation flaws will lead to business logic flaw exploits and ultimately API abuse and fraud.”        
