The Dragos Blog

09.08.22 | 5 min read

Ransomware Attacks in Small and Medium-Sized Organizations and Manufacturing Are On the Rise

Note: This blog post also appears on dragos.com

Data regarding recent ransomware attacks and their targets shows that cyber risk for small and medium businesses (SMBs) has increased substantially. Cyber attacks typically get our attention when they hit a major organization or have widespread impact. This could lead to a false sense of security for small and medium organizations, thinking that the threat actors are only targeting large companies. Why would they bother attacking a small organization, when they can make a lot more money, generate significant publicity, and have a larger impact by attacking the big guys?

The answer is that large organizations continue to increase cybersecurity spend every year. They have been strengthening their defenses and making themselves tougher targets. So, cyber criminals and nation states have expanded their focus to include other parts of the ecosystem, namely the supply chain. In other words, small and medium-sized businesses.

But larger organizations should still take note. While these organizations may be doing the work to increase their security posture and reduce the risk of a significant cyber attack in their enterprise, they must fully understand the risk of a cyber attack on one of their critical suppliers and how that might impact their company’s operations. These large organizations can be key partners in helping small and medium-sized businesses find the necessary resources to strengthen their cyber defenses against the increasing threat of ransomware.

To learn more about these increasing threats and available security resources, read on.

Recent Reports Highlight Increasing Cyber Threats Targeting SMBs and Manufacturing

Below we summarize four significant reports that hit the media in the last few months. These reports address the increasing cyber threats targeting SMBs and manufacturing this year and last.

  1. Small and medium-sized organizations are victims of ransomware.

    According to a report released by the Institute for Security and Technology’s Ransomware Task Force on July 12, 2022, more than 4,000 ransomware incidents were confirmed in 2021, and 70% of them were aimed at organizations employing fewer than 500 individuals. Attacks impacted organizations in 109 different countries, although nearly half were in the United States. Close to half of the victim organizations were in sectors with OT environments* – including Automotive, Electrical and Electronic Manufacturing, Machinery, Oil and Energy, Food and Beverages, Consumer Goods, Chemicals, Pharmaceuticals, Plastics, Mining and Metals, and Packaging and Containers.

    *Gartner’s definition of Operational Technology (OT): “Operational technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.” In this blog the term OT includes both industrial control systems and manufacturing environments.
  2. Small and medium-sized businesses are being targeted by cyber criminals from North Korea.

    On July 14, 2022, the Microsoft Threat Intelligence Center (MSTIC) reported that a group from North Korea which calls itself H0lyGh0st has been developing and using ransomware in attacks since June 2021 and has successfully compromised small businesses in multiple countries as early as September 2021. Microsoft reports that victims were primarily small-to-midsized businesses, including manufacturing organizations, banks, schools, and event and meeting planning companies.
  3. Majority of small businesses say they are at greater risk of attack than enterprises.

    In July 2022, Cynet released findings from a survey conducted of small and mid-sized businesses. The study found that 58% of participants feel that their risk of cyberattack is greater than larger enterprises. They cited lack of skilled security personnel and the increasingly remote workforce as just some of the factors contributing to their perception. 90% outsource security to a service provider.
  4. Manufacturing was the industry most targeted by ransomware in 2021.

    In February 2022, IBM’s X-Force Threat Intelligence Index reported that, “For the first time in five years, manufacturing outpaced finance and insurance in the number of cyber attacks levied against these industries, extending global supply chain woes.” Specifically, 23.2% of the cyber attacks X-Force remediated in 2021 were in the manufacturing sector.

In conclusion, small to medium-sized businesses (SMBs) are aware of their risk of being targeted by cyber attacks, but don’t know what to do about it. The good news is, Dragos is here to help.

Dragos OT-CERT Launches to Provide Free OT Security Resources to SMBs

In June 2022, we launched Dragos OT-CERT. OT-CERT is an Operational Technology – Cyber Emergency Readiness Team dedicated to addressing the OT resource gap that exists in industrial infrastructure. Cybersecurity risks in OT environments continue to rise, and many organizations, small to medium-sized businesses more than large enterprises, often struggle to find the resources or expertise to address them. OT-CERT was created with these organizations in mind.

Dragos OT-CERT offers FREE resources to help SMBs build their own manufacturing / OT / industrial control systems (ICS) cybersecurity program without hiring any cybersecurity experts. There have been resources available for you to secure your IT environment, for example, those offered by the Cybersecurity & Infrastructure Security Agency (CISA). But until recently, there were no resources for securing your OT environments. We see this as a significant gap, since the impacts of cyber attacks in OT environments can be much more disastrous than in the enterprise IT environment.

OT-CERT membership is free and is open to all OT asset owners and operators globally. Resources are oriented toward small and medium businesses and resource-challenged organizations with OT environments that lack in-house security expertise. Members have access to a growing library of resources such as reports, webinars, training, best practice blogs, assessment toolkits, tabletop exercises, and more.

The following resources are currently available, with more coming soon. Take a look!

  • OT Cybersecurity Fundamentals Self-Assessment Survey. The first OT-CERT resource, released on August 1, 2022, was the OT Cybersecurity Fundamentals Self-Assessment Survey, which is intended to help SMBs to assess how well they are covering the OT cybersecurity basics. The self-assessment is simple, should take less than one hour to complete, and no security expertise is required. Just have one of your plant engineers download it and within one hour you will know where your cybersecurity gaps are. Then what? OT-CERT monthly resources will help you to close those gaps.
  • OT Asset Management Toolkit. An accurate asset inventory is the foundation of a cybersecurity program, so the next August OT-CERT resource was an Asset Management Toolkit, consisting of a short 8-minute video explaining asset management, an asset inventory spreadsheet, and a guide. Again, no cybersecurity expertise is required. Plant engineers can simply walk the plant floors and use the spreadsheet to capture the asset inventory in their plants. If you are hit with a cyber attack, you can use that asset inventory as a resource in restoring those assets.
  • Self-Service OT Ransomware Tabletop Exercise Toolkit. Next, we decided to focus on incident response in the OT environment. With the prevalence of cyber attacks in OT, we think it is crucial that organizations are prepared to respond should an incident occur. This month’s OT-CERT resource is a self-service OT Ransomware Tabletop Exercise Toolkit. This toolkit will enable SMBs to work through a realistic scenario under non-stressful conditions so that they can identify gaps in their preparedness should they be hit with a cyberattack. Then they can take steps to address those gaps before a real attack occurs. Cybersecurity experts are not needed for the tabletop exercise – the most successful exercises include a range of staff across multiple disciplines and teams, including operators, plant managers, industrial control systems (ICS) support staff, and operational technology (OT) support staff.
  • And, More to Come! In the coming months we will provide OT-CERT members with access to introductory ICS/OT cybersecurity courses and modules, so some of your plant engineers and IT staff can increase their expertise in OT security. We will also continue to provide resources for Incident Response: an incident response plan toolkit, and OT backups guidance.

Join OT-CERT Today

If you haven’t joined Dragos OT-CERT don’t delay! Membership is open globally to any organization that owns or operates a manufacturing / OT / ICS environment. Please join, and spread the word to your community and supply chain so we can all work together to raise the security posture of the entire ecosystem – we are only as strong as our weakest link.

We look forward to working with you to safeguard civilization!
