We’ve seen in the past year how the global pandemic is accelerating technology adoption as companies innovate to compete in an increasingly digital economy to meet evolving consumer demands. This is a positive development and will enhance the global economy’s recovery and its long-term sustainability. But with digital transformation comes risk, and the implementation of new and innovative digital technologies without the appropriate safeguards can come at a very real financial and operational costs.
Despite best intentions, unsecured innovation continues to feed a growing and increasingly sophisticated cybercrime industry, with the financial cost of cybercrime being described as the greatest transfer of economic wealth in history. The cost of cybercrime globally continues to grow annually, money that could be channelled towards building a more resilient, digital economy. While digitization offers many opportunities to create a more robust economy, the reality is that as our economy rapidly evolves to embrace Industry 4.0, so do cybercriminal’s strategies and approaches to undermine security and boost their coffers.
For cybercriminals, business is booming. This rogue sector’s bottom line is fed by the damage and destruction of data, theft of money and intellectual property, embezzlement and fraud while the victims have to accommodate the related costs created post-attack disruption to business operations, forensic investigation, the restoration and deletion of hacked data and systems and reputational harm. In sum, it has become very big business.
The threat landscape constantly evolves as hackers become more ambitious. The latest targets are industrial control systems, where new risk scenarios have emerged as the systems that control critical infrastructure become connected to the internet. Just last week, Colonial Pipeline, a top United States fuel pipeline operator, was forced to shut down its network – the source of nearly half of the US East Coast’s fuel supply – after a cyber-attack involving ransomware. Fuel prices jumped days after the attack, when it was apparent that not all the systems were restored. This follows the recent SolarWinds breach that saw hackers infiltrate the IT infrastructure of top U.S. Fortune 500 companies and potentially compromising industrial control systems through backdoors in IT networks
This has been described as the largest and most sophisticated attack the world has seen. In between SolarWinds breach and the Colonial Pipeline cyberattack, another news broke of hackers hijacking the controls of the Florida water management system, injecting more chemicals which could cause adverse health effects.
While two are linked to critical public infrastructure and the other affected large government and the majority of Fortune 500 companies, all attacks demonstrate the increasing vulnerabilities created by the increasing digitization of industrial control systems. Confronted by this escalating risk landscape, there are three important measures that companies can take immediately:
- Implement network segmentation strategies: This means building a shield around your key data, your operational assets and your weakest links, which tend to be vulnerable, ageing and hard to replace legacy technologies. Appropriate segmentation improves an organisation’s security posture and helps harden the controls network. Experts recommend the use firewalls, data diodes and routers for greater control of data flows, as these can act as a layer of protection between your business systems and your ICS. Where possible, set up ‘demilitarised zones’ (DMZ) between the ICS and business IT networks, and direct all communication to and from the ICS through the DMZ to avoid exposures. It’s also important to implement network monitoring and logging of activities on the ICS network to detect unauthorised activities. Even in well-segmented networks you need to be vigilant about back doors inadvertently created. For example, equipment manufacturers and vendors often remotely extract data from machinery to monitor and optimise it.
- Eliminate the human factor: People are your greatest risk but also your greatest asset in combatting cybercrime. Understand how people and devices connect to your systems, including how you allow third parties to connect. Consider how operators access control systems and what your password management practices are, including how often they are updated, how simple they are, and if multiple people share the same usernames and passwords to access important systems. This level of understanding will help you shape communication and training to address vulnerabilities and put in place security systems and protocols best suited to your business.
- Build a security culture: Think of your workspace as a safe zone, where you need everyone to be committed. Action shouldn’t be only top-down. It has to include those from the bottom-up of an organisation to make a difference. For example, if someone picks up a USB, an automatic thought may be to plug it in and play it, to check for clues as to who the content might belong to. But what if that USB contains malware? Anyone can be a weak link in an organisation, so it’s important to create a strong security culture, backed by training and continuous enhancement of your security systems.
We live in unprecedent times, faced with unprecedented levels of cybercrime and an evolving threat landscape. Responding to this challenge requires a commitment beyond an organisation’s IT function. Rather, it has to be a whole-of-organisation commitment supported by a security culture that’s informed by best practices and led from the top.
While there are encouraging signs that business leaders are more aware of the threat cybercrime presents, there is a long way to go to improve protection and halt the staggering gains generated by cybercriminals. There is no time for inaction or indifference, particularly given the transition to remote working and its impact on the threat landscape coupled with a critical shortage of cybersecurity capability globally. Not unlike the community policing schemes that were implemented in neighbourhoods to spot and report on suspect activity, the best way to check the growth of an increasingly rampant cybercrime industry is shared ownership, supported by the right information and tools to promote community vigilance and safety.