Is Connectivity Making Industrial Cybersecurity More Vulnerable?

It can be argued that industrial facilities have taken to digital transformation much earlier than other enterprises. While it’s only now that some businesses are committing to adopting digital tools, factories have been using robots and programmable logic controllers (PLCs) decades before the dotcom boom of the nineties. Industrial cybersecurity comes to the forefront as industries increasingly adopt digital technologies.

What’s probably sweeping industries today are technologies that rely on connectivity: the cloud, mobile computing, and the Internet-of-Things (IoT). These technologies offer some very exciting applications. The cloud has allowed organizations to shift part of their IT infrastructure off-premises and easily scale their available computing resources. Mobile computing and connectivity have allowed engineers to monitor and control their machines remotely. Sensors and robots are now even smarter, and through the IoT, are capable of interfacing with external artificial intelligence (AI) or analytics engines that allow these machines to automatically adjust for greater efficiency even without human intervention.

The need for Industrial Cybersecurity

However, this increasing connectivity of industrial facilities is now also raising cybersecurity  concerns calling for more attention to industrial cybersecurity. Previously, industrial facilities were largely air-gapped, so hackers had to manipulate staff through social engineering attacks, or infiltrate facilities themselves. But as more industrial IT components connect to the internet, they become more exposed to cyberattacks from advanced persistent threats (APTs).

Industrial facilities have become more connected. Cloud computing has prompted a growing number of enterprises to shift their workload online. More facilities are also incorporating smart devices into their infrastructure. Unfortunately, this is also expanding the attack surface. Given how tenacious threat groups are these days, increasing connectivity can make these enterprises vulnerable to attack.

Here are three areas where industries are becoming more connected and how they can expose infrastructure to possible attacks:

Adoption of Cloud Components

One area that should concern industries regarding their cyber-attack monitor is their adoption of cloud computing. For many organizations, the emergence of cloud computing has been a boon. They can now essentially outsource their computing needs to providers, lessening the need for acquiring and maintaining servers and applications on-site.

Unfortunately, cloud instances can be compromised whether through vulnerabilities at the provider’s end or through weak access controls at the user’s end. Hackers can then steal, hijack, and destroy critical data. They can even perform supply chain hacks that could introduce malicious code or malware into the company’s cloud storage and repositories. Access to these cloud components is often whitelisted, allowing malware to reach the facility’s infrastructure unhindered.

What could be more troubling is that hackers have become crafty, disguising their malware within legitimate files. They can even feature polymorphic code that continuously changes, allowing it to evade conventional signature-based detection. What’s often needed is for enterprises to integrate solutions like content disarm and reconstruction that can sanitize all files coming into the network, whether through email or repositories, to ensure that they are safe.