We’ve now lived through three significant ransomware attacks — Colonial Pipelines, JBS meat supply and Steamship Authority of Massachusetts — just a few weeks apart. This is in addition to numerous other significant incidents over the past six months, including supply chain attacks with FireEye and then SolarWinds, followed by the attack of a small municipal water system in Oldsmar, Florida, by a foreign actor. This is significant because we’ve never before seen such a rapid succession of cybersecurity incidents with such far-reaching effects. More and more industries are demonstrating they are vulnerable to cyberattacks.

It seems that every week we are seeing another cyberattack affecting the operations of a major supply chain in the U.S. JBS was only the latest victim of a ransomware attack and though JBS got its operations up and running in three days, the attack materially affected its business. We now know that the attack was initiated from an unmanaged account with weak password management. 

Now we are seeing plenty of Monday morning quarterbacking offering many opinions in hindsight about what JBS could have or should have done differently. The fact is the attack on JBS could very well happen to most if not all plants, facilities, commercial enterprises, offices, government installations or any other organizations. Across the spectrum, there is obvious room for improvement when it comes to effectively securing operations. It is only a matter of time before we see the next cyberattack.

In an increasingly online world, IT/OT systems are critical to ongoing operations, and the need for secure interconnections cannot be underestimated. These critical business components have vast reach into all facets of business operations. They have the potential to affect scheduling, shipping, billing, tolling, regulatory tracking and compliance data, just to name a few.

While the federal government may be able to issue executive orders for cybersecurity initiatives within the military and civilian agencies, this impacts a relatively limited sector of our economy. Most recent attacks have taken place at private businesses, and these entities ultimately bear the burden of upgrading their OT systems. Many of them are dealing with outdated technology. Furthermore, it only takes one weak password or a single successful phishing attempt to gain access to an operational system and cause significant damage to a company’s operations.

All companies must be prepared to assess what level of risk they are prepared to take on. No longer can there be the question of: If an attack happens, what will we do? It’s not a matter of if, but when an attack will occur. The only real question left for businesses is to ask: What will we do when an attack occurs? This is today’s business reality.

Assessing your current posture, identifying vulnerabilities, conducting preparedness exercises and formulating a plan that mitigates risk are necessary steps to become resilient. Organization are not alone is realizing these steps. The cybersecurity team of 1898 & Co. has the experience, knowledge and insight to help companies across all sectors become better prepared to mitigate these increasing risks.

 

Preventing and minimizing OT cyber intrusions takes a well-thought-out approach.

Watch the Webinar

by
Marco Ayala is director of industrial control system security and sector lead for 1898 & Co., a part of Burns & McDonnell. A process automation professional, Marco has over 25 years of experience working in petrochemical facilities where he designed, implemented and maintained process instrumentation, automation systems and process control networks.