Digital Shadows Intelligence analyzed ransomware attack data for 2020 and found that while every business sector was impacted, that Industrial Goods & Services was the subject of 29% of attacks, by far the most of any industry. No other industry accounted for more than 9% of the total. In addition, the most targeted region was North America, accounting for 66% of ransomware alerts, followed by Europe at 23% and Asia at 6%.
The focus on North American and European companies is understandable as commercially-minded ransomware gangs target enterprises with the most ability and willingness to pay the demanded ransoms.
And while every industry and enterprise type has been subject to these attacks, the focus on Industrial goods & services is also understandable and should be very worrying for those companies. Some Operational Technology (OT) and Industrial Control Systems (ICS) were designed for an earlier, different cyber threat era. This is part of the problem. Secondly, operational disruptions can inflict immediate financial damage on industrial companies due to the immediate reliance on the merged OT/IT systems to function. This is a problem faced by the 2nd most targeted industry (Construction) as well. And while the OT & ICS threat environment has changed dramatically in recent years as these previously air-gapped systems are connected to wider IT systems, the long product life cycle of these systems means that they often contain vulnerabilities and are not subject to regular security scrutiny or patching updates. In short, managing some the legacy technologies combined with the merging of OT and IT is a complex task for security teams.
Investors and stakeholders in all Industrial enterprises should be asking Boards of Directors what companies are doing to address these growing risks to lower the likelihood of a damaging breach.
Research has shown that this type of preparation can reduce both the likelihood of attack and the time to respond to and remedy the breach. This is critical as Cyberhedge research shows that minimizing operational downtime from a ransomware attack is critical to also minimizing the financial damage incurred.