ICS CERT predictions for 2024: What you need to know


As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.

Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights about offensive cybersecurity and new logistics and transportation risks.

Below, we’ll unpack the key takeaways from this annual Kaspersky report and provide actionable insights on how organizations should start preparing for the year ahead.

Ransomware will remain the top concern for industrial businesses

Last year, ransomware attacks solidified their status as the largest information security threat. These attacks don’t just disrupt digital systems; they can also lead to significant real-world consequences.

Official statements from affected organizations revealed that 18% of ransomware attacks on industrial businesses led to a halt in the production or delivery of various products, including medical devices, power grids and transportation systems. The financial fallout from these attacks was substantial, with damage estimates reaching hundreds of millions of dollars in some cases.

Ransomware attacks will lead to severe economic and social consequences

There is now a worrying trend of cyber attackers preferring larger, “upmarket” victims because of their capability to pay substantial ransoms. This situation sets a dangerous precedent, considering that the majority of these organizations play a critical role in the global economy and infrastructure.

For example, a recent attack on DP World, the Dubai-based international container terminal and supply chain operator, completely stopped work at ports in Melbourne, Sydney, Brisbane and Fremantle. This incident blocked the delivery of approximately 30,000 containers and led to a major ripple effect in the global supply chain.

There will be new types of targets and new schemes for monetizing attacks

While potential ransomware victims are unlikely to become fully immune to attacks, they’re still regularly adopting new strategies to mitigate their impact more efficiently. However, if these measures result in victims paying less money less frequently, cyber criminals will more than likely innovate their approach and find new targets and methods for monetizing attacks.

One potential avenue for attackers is logistics and transportation. With many of the vehicles in corporate fleets using telemetry, remote diagnostics and other connected technologies, attackers may be able to infiltrate and control these systems by exploiting vulnerabilities in supply chain management software. This could potentially result in major disruptions to transportation networks and cause significant economic damage.

Increase in politically motivated hacktivism

Recent trends are indicating a surge in politically motivated hacktivism, with the FBI warning about increased Distributed Denial of Service (DDoS) attacks. 2022 saw a resurgence of hacktivism on a large scale, particularly in light of geopolitical conflicts such as Russia’s invasion of Ukraine.

However, hacktivism isn’t something new and has been more prevalent in recent years with no signs of slowing. The 2021 attacks on railways and gas stations in Iran, claimed by a pro-Israeli hacktivist group, and more recent attacks on irrigation systems in Israel and Unitronics Vision hybrid controllers in Vietnam are just some examples of politically motivated cyberattacks.

As political tensions escalate, the threat level posed by politically motivated hacktivism could rise much higher, affecting a wider range of industries and businesses.

Widespread use of offensive cybersecurity

Organizations are turning to more proactive methods of protecting their systems and data as new threats emerge, including strict access controls and data encryption. This includes techniques such as penetration testing, bug bounties and red teaming exercises: in other words, offensive cybersecurity.

Offensive cybersecurity involves actively seeking out vulnerabilities and weaknesses before they can be exploited by attackers. It gives users signs of potential compromise directly from attacker-controlled networks, the dark web and other sources. By adopting offensive cybersecurity practices, organizations can stay one step ahead of threat actors.

However, the widespread use of offensive cybersecurity also has potential downsides. As it becomes the new norm, the development of offensive cyber intelligence may blur the line between legal and illegal activities. If not regulated properly, offensive cybersecurity could lead to a “cyber arms race” where organizations and governments continuously try to outdo each other in terms of cyber capabilities.

Rapid automation and digitization of logistics and transport may lead to larger security issues

As the logistics and transportation industry rapidly adopts automation and digitization, security is a growing concern. Expanding digital attack surfaces could cause conventional offenses like auto theft, maritime piracy and smuggling to increase as well.

For example, modern cars might face higher risks of cyber theft since they have much more digital technology integrated into them. This also extends to cargo ships and planes. Recent incidents targeting Automated Tracking Systems in the Red Sea and the Indian Ocean, or the 2020 cyberattack on Iran’s Shahid Rajaee port terminal, highlight system vulnerabilities that need to be addressed.

What these predictions mean for organizations

As the cybersecurity landscape continues to shift, organizations must respond proactively to protect their data, operations and reputation. Here’s what these predictions mean for them.

Incorporating more effective ransomware response strategies

The increasing prevalence of ransomware attacks means organizations must be prepared. This involves not only implementing strong preventative measures but also having a comprehensive response strategy in place.

Companies should consider investing in services like threat intelligence and incident response, as well as conducting regular backups of critical data in off-premise storage facilities. Employee training is equally crucial, as many ransomware attacks stem from successful phishing attempts or social engineering that proper education could have prevented.

Prioritizing investment in cybersecurity initiatives

Improving cybersecurity efforts regularly has become a business requirement for organizations. This includes upgrading existing security systems, implementing modernized security technologies and hiring professional cybersecurity staff.

In the same light, businesses must be aware of current cyber dangers and maintain the integrity of their current security systems so they can respond effectively, year after year.

Strengthening supply chain security measures

As businesses become more interconnected, supply chain security is a major concern. Organizations should ensure that their suppliers and partners comply with strict cybersecurity requirements to prevent any possible vulnerabilities from being exploited.

Regular audits and risk assessments help identify potential vulnerabilities and control them before attackers exploit them, while building trustworthy partnerships contributes to better supply chain security overall.

Building “offensive cybersecurity” tactics into defense strategy

Unlike traditional defensive security tactics that “react” to cyber threats, offensive cybersecurity introduces a forward-looking approach that aims to disrupt potential cyberattacks before they become a major risk.

This shift in security approach involves active engagements like threat hunting, conducting detailed vulnerability assessments and performing penetration testing to uncover weaknesses. The strategic application of artificial intelligence and machine learning technologies also helps in analyzing large datasets to spot emerging threat patterns.

Keeping up with evolving threats

Given the growing severity of cyber threats, organizational approaches to fighting them must evolve to stay ahead. By investing in your organization’s cybersecurity programs and laying the groundwork for an effective threat response, you can significantly reduce your attack surface while keeping critical operations secure.

The post ICS CERT predictions for 2024: What you need to know appeared first on Security Intelligence.