The Honeywell USB Threat Report 2020 called attention to the rising threat facing industrial control systems (operational technology) amid the continued digitization of industrial processes. According to the report, “as the second most prevalent attack vector into industrial control and automation systems, USB devices continue to play an important role in these types of targeted attacks.”
Honeywell found the number of threats facing operational technology nearly doubled since 2018, from 16% to 28%. The potential severity of the threats is also increasing. The percentage of USB-based malware that had the potential to cause a major disruption in an industrial control system increased from 26% (2018) to 59% (2020).
These findings have particular credibility coming from a top-rated company on cyber governance like Honeywell that continues to be a dominant industrial player globally. The increase in cyber risks from the merging of OT and IT in recent years as a result of the continued digitization of industrial processes represents one of the most significant changes that has occurred within the industrial and energy sector in the past decade. Breaches like Nork Hydro have brought the risks into increasing focus for industrial companies, while the recent Honda breach called attention to the growing risks facing the manufacturing sector.
As the rate of corporate digitization has accelerated since COVID‑19, so have the operational disruption risks. While this report focuses specifically on the threat of USB-based attacks, ransomware attacks globally have increased 25% in the three months between 4Q 2019 and 1Q 2020 (Beazley Insurance, Blackfrog Security). The manufacturing sector has experienced a 156% increase in attacks over the same period.
These attacks are also the most financially damaging for companies as operating income drops on average 20% post-breach.
On a relative basis, the industrial sector is a strong performer on cyber governance, though notable laggards such as GE are more susceptible to operational disruption-type breaches. With the prevalence of such attacks on the rise, investors should understand how well companies are positioned to manage these attacks and avoid significant financial losses.