Digital transformation

Industrial cyberattacks are on the rise. Technology and your people can stop them.

Exploring new horizons and technologies? Here’s how to keep your industrial business safe from the growing risks and severity of cyberattacks.

Share article

industrial cybersecurity training

The industrial sector didn’t have much cause for cybersecurity before. In the 20th century, there were few computers and little use of the internet in the manufacturing process. The internet of things (IoT) and the rise of operational technologies (OTs) – automated systems responsible for operating machinery safely – has changed all that. With fatal cyberattacks on the rise, it’s time to take your cybersecurity seriously and work with your people to help minimize the risks.

Digital transformation is transforming cyber-threats

As manufacturing plants and sites are becoming more digital, cyber-threats are growing. There’s a significant rise in devastating cyberattacks, for example, ransomware like LockerGoga crippling industrial organizations, either by shutting down operations or demanding costly ransoms. The good news? There are simple steps to take, which can limit the chances of it happening to you.

Corporate revenge? Hackers for hire? Cyberwarfare? Collateral damage of malware? Motivations and reasons behind industrial cyberattacks vary, but the stakes are sky-high for plants and businesses. If industrial OT systems are hacked and large machinery is compromised, there could be fatalities.

Triton: Why industrial cyberattacks could cost lives

Let’s explore a previous industrial cyberattack.

Triton is malicious software (malware) used to target Triconex, a Safety Instrumented System (SIS) – sensors and software to reduce safety risks in industrial settings – used in power stations and petrochemical plants. In 2017, hackers attacked a Saudi Arabian petrochemical plant with Triton. But, luckily (and somewhat ironically), a bug in the malware halted the attack in its tracks.

The hackers’ intentions were unknown, but the infiltration of the system could have put the plant and its workers in jeopardy.

Could it have been stopped otherwise? Yes, but only with the right cybersecurity measures.
There’s a significant challenge here: IT security is new to industrial workplaces, and it’s only been a requirement in the last decade; in some cases, it’s non-existent. Plus, many IT teams and engineering squads don’t have the training to work effectively together to spot a threat that’s unfolding in real-time. OT engineers may be unaware of how to detect the signs of an attack and look for other faults like machinery, human error or asset misconfiguration.
Want to protect your business? Update your security systems and start training your workforce.

How to minimize the chances of a cyberattack

Let’s explore how to defend operational technologies (OT) that operate machines and make them easier to manage and monitor plant safety, among other things.

To start, you need an industrial endpoint security product – software that can help you protect all your devices and network from hackers. This is crucial. Once you have this, you need to use all the endpoint features effectively (this is called system hardening) to make it harder for hackers to get into your network.
Also, use an OT network security monitoring solution (this is usually hardware) to detect the signs of attack on controllers and other equipment.

Why training employees to be cyber-aware is crucial for defending your business

Kaspersky reported 52 percent of enterprise breaches happen after employees’ inappropriate IT use.

With lives at stake, when it comes to cybersecurity, your employees need to know not just what to stay away from but how to keep secure. Here’s how.

Train everyone in cybersecurity

It’s not just IT teams that need cybersecurity training; everyone from engineers to finance managers need it. But, that said, your primary focus should be with your IT and IT security teams. OTs are typically not in their remit. They need time to learn how to secure them and work alongside operational engineers.

Everyone is responsible for preventing an attack. Book in time to train everyone. Differentiate the training for IT, engineers and operations.

Engineer, operations and other groups need theoretical teaching and practical exercises but pitched to their level of expertise. For IT security teams, exercises should include red and blue teaming. Red teams try to attack your organization while the blue teams defend it. This is an attack simulation using real-world cyberattack scenarios and case studies, like the 2015 attack on a Ukrainian power grid. Here, hackers orchestrated a spear-phishing attack to gain access to the operating system, then disabled power across the affected regions for between one and six hours. It’s a practical way to assess the capabilities of your cybersecurity team.

Lockdown activities on corporate devices

Engineers or other personnel may use work devices outside the plant, like when traveling to meetings or other sites. They will most likely use corporate devices for personal use. By browsing social media on a work laptop, employees are exposed to different materials that could be malicious. Using USB sticks from outside your organization can carry a significant risk of bringing malware into your network. Explain the importance of using work devices only for work and not personal use.

Retrain and refresh

Retraining is critical, especially as your organization continues its digital transformation. People forget things, especially if it’s not a day-to-day task. To keep protected, your education efforts must be consistent, not just one-off.

The future of industrial cybersecurity

As the industrial sector evolves, technology like the internet of things (IoT) will become more critical to the success of the industry. Industrial IOT and smart sensors could enable anything from control systems automation to predictive maintenance. As the industrial sector becomes more connected, it will benefit society and improve business productivity. But, like any technological shift, cyber-threats will evolve with it.

By taking measures to secure your technologies and educate your employees, you minimize the chances of falling foul of a cyberattack, saving money and lives.

Kaspersky Industrial Cybersecurity Training Awareness

Sign up for Kaspersky’s Industrial CyberSecurity innovative educational programs based on extensive industrial experience and threat intelligence.

About authors

Semen Kort is a Senior System Analyst at Kaspersky. He develops threat models, standards and cybersecurity courses, and evaluates cybersecurity for industrial facilities.