The status quo

Andrea Gillhuber

Security for OT and IT

As the degree of networking increases, so too do the security requirements. It is important to differentiate between cyber security and industrial security while still keeping an eye on the overall system.

© WEKA Trade Media

The level of digitalization in the industry is steadily increasing. Spurred on by the coronavirus pandemic, more and more companies are relying on networked processes and digital services. Working from home and remote maintenance mean that more and more people are accessing company networks from outside the company premises. In addition, more and more applications are being moved to the cloud. However, the benefits of a networked world also come with risks: cyber criminals use security vulnerabilities to harm companies. It is important to differentiate between security for IT and OT (operational technology). Various studies also show this.

New technologies increase the risk to data security

In the fourth edition of its 'Global Data Protection Index 2020 Snapshot' study, Dell Technologies, for example, measures and evaluates the maturity level of data protection strategies and how well companies worldwide are protected against data loss. For the new study, 1000 IT decision-makers worldwide were surveyed at the end of 2019, including in Germany. The survey shows huge data growth in companies: they managed an average of 13.5 petabytes (PB) of data in 2019, almost 40% more than a year earlier (9.7 PB). Compared to 2016, when 1.45 PB of data was stored in companies, this represents growth of 831%.
A major threat to this data is the increasing number of disruptive events such as cyber attacks and system failures. While 76% of the companies surveyed were affected by such events in 2018, this was already the case for 82% in 2019. Companies that use data security systems from multiple providers were particularly vulnerable. They were affected about twice as often by incidents that restrict data access. Nevertheless, more and more of them are taking precisely this approach. 80% of respondents said they use technology from two or more vendors.
Almost all of the companies surveyed are investing in new technologies such as cloud-native applications (58%), artificial intelligence and machine learning (53%), SaaS applications (51%), 5G and cloud edge infrastructures (49%) and Internet of Things and endpoint solutions (36%). Almost three quarters of respondents (71%) believe that these technologies will further complicate data security. 61% even believe that new technologies pose a real risk to data security. More than half of the companies that use such technologies find it difficult to find adequate security concepts for them.


OT also affected by IT security vulnerabilities

Humans are still considered the biggest security risk. Cyber criminals exploit this security gap, for example through social engineering or via USB storage media.

There is always a high risk for companies when the company network is accessed from outside, for example from the home office or remotely. People are also still considered the biggest security risk in companies. According to Trustwave's Global Security Report 2020, more and more cyber criminals are targeting this human factor. Social engineering, in which people are manipulated with the aim of gaining access to, for example, confidential information, financial resources or third-party networks, has increased significantly and continued to evolve. According to the study, phishing or other social engineering methods were used in 50% of all security incidents investigated by Trustwave analysts in 2019, compared to 33% in 2018.
The analysts also recorded a sharp increase in ransomware. Attackers encrypt important files or entire systems and extort a ransom. In recent years, well-known companies have fallen victim to this scam, which according to Trustwave accounted for 18% of all security incidents in 2019. The figure was 4% in 2018.

USB as a gateway to industries

Since Stuxnet in 2010, USB sticks have been considered a security risk. The malicious program attempted to install itself on certain Windows systems as soon as a USB storage medium was connected to a computer. The aim was to ultimately gain access to Siemens control systems via these computers. As a result, many industrial companies have recognized the danger posed by USB storage media. Operators of critical infrastructures in particular are aware of the threat and have often blocked the interface for employees; people are too careless with the storage media.

According to Honeywell, USB devices are the second most common attack vector in industrial control and automation systems and thus play an important role in attacks on OT systems. Examples include the Disttrack, Duqu, Ekans, Flame, Havex, Industroyer and USBCulprit attacks. The company has therefore been investigating security threats via the USB interface for several years in its 'Industrial USB Threat Report'. The report examines data collected using the company's SMX (Secure Media Exchange) technology, which can scan and control removable media, including USB drives. The system runs on hundreds of industrial systems worldwide.
The latest USB Threat Report shows that the share of threats specifically targeting operational systems increased from 16% to 28% over the 12-month period. The overall share of threats that could lead to a loss of visibility or other major disruption to OT systems increased from 26% to 59%.

The report shows that one in five threats was specifically designed to use removable USB media as an attack vector. More than half of the threats were designed to open backdoors, establish persistent remote access or download additional malicious payloads. These findings point to more coordinated attacks that are likely to target the air-gapped systems used in most industrial control environments and critical infrastructures.
Incidentally, the VDMA, together with mechanical and plant engineering experts from the 'Information Security' working group, has drawn up an emergency aid paper that brings together answers to basic questions following a ransomware infection. It is intended to help companies recognize attacks and take targeted countermeasures.
