Foresight provided by MSP Expo Gold sponsor Kaspersky proved accurate as the industrial cybersecurity landscape in 2023 did indeed see significant evolution powered by several key trends. The unrelenting pursuit of efficiency in Industry 4.0 and smart systems led to an expansion of the attack surface, making networks more vulnerable to malicious actors.
Meanwhile, the sharp rise in energy costs prompted a strategic shift toward cloud-based solutions, driven by reduced hardware expenses. However, this increased reliance on cloud infrastructure introduced new risks, particularly concerns surrounding data leaks. These vulnerabilities stemmed from two primary factors — the prevalence of under-qualified personnel tasked with managing sensitive industrial data, and the lack of robust practices for responsible disclosure of security flaws.
This retrospective analysis lays the groundwork for understanding the cybersecurity landscape faced by industrial enterprises in 2024. Therefore, Kaspersky's Industrial Control Systems Cyber Emergency Response Team, or ICS CERT, released their annual predictions to outline key challenges businesses must prepare for as automation and digitization reshape industries and the threat landscape.
In 2024, ransomware is predicted to loom ominously over industrial enterprises, emerging as their foremost threat. This peril is particularly acute for large organizations, bespoke product suppliers and major players in logistics, all of whom are vulnerable to heightened risks.
Cybercriminals are anticipated to strategically target entities capable of hefty ransom payments. Such attacks can lead to significant disruptions across the production and delivery pipelines. It should be noted though that the consequences extend beyond financial losses. They can impede critical services, compromise sensitive data and erode public trust.
Industrial enterprises now find themselves in an escalating arms race against cyber adversaries, necessitating robust cybersecurity measures, proactive threat intelligence and resilient incident response strategies to safeguard against the relentless onslaught of ransomware assaults. Staying ahead demands a concerted effort to fortify defenses, mitigate vulnerabilities and cultivate a culture of cyber resilience.
"The industrial sector's cybersecurity is continuously going through significant changes, with both new types of attacks and more sophisticated versions of old ones," said Evgeny Goncharov, head of Kaspersky ICS CERT. "Ransomware attacks are still a big problem, and hackers are getting better at targeting large, profitable companies with more advanced methods.”
Kaspersky also anticipates geopolitically motivated hacktivism to escalate. Beyond conventional country-centric protests, the emergence of cosmopolitical hacktivism is on the horizon, propelled by broader socio-cultural and macro-economic objectives like eco-hacktivism. This shift toward multifaceted motivations heralds a more intricate threat environment, where agendas transcend national borders.
Diverse motives amplify the potential for disruptive cyber activities, which creates challenges for governments, organizations and individuals worldwide. With eco-hacktivism gaining prominence, concerns about environmental sustainability and corporate responsibility converge with cybersecurity.
What’s needed to counter this are comprehensive cybersecurity strategies that encompass not only traditional geopolitical concerns but also the increasingly intertwined socio-cultural and economic dimensions of cyber threats. Be warned though. Addressing this multifaceted landscape demands enhanced cooperation, innovative technologies and adaptive policies.
“Hacktivists who are motivated by social issues are also becoming more active, adding another layer of complexity to the threats,” said Goncharov.
In Kaspersky's third 2024 prediction, the utilization of "offensive cybersecurity" for gathering cyberthreat intelligence is foreseen to yield controversial outcomes. Although it holds promise in enhancing corporate security through early threat detection, it risks blurring the line between ethical and illicit practices. The convergence of profit motives with readily available commercial and open-source tools may empower cyber actors to operate covertly, exacerbating the difficulty of detection and investigation.
Consequently, while this approach may offer proactive defense measures, its potential to inadvertently enable malicious activities highlights the necessity for vigilant oversight and ethical considerations in the evolving landscape of cybersecurity.
The final prediction for 2024 is shifts in threats related to logistics and transport connected to automation and digitization challenges. The automation and digitization of logistics and transport are introducing new challenges, intertwining cyber and traditional crimes. This includes theft of vehicles and goods, maritime piracy, and smuggling. Non-targeted cyberattacks may lead to physical consequences, especially in river, sea, truck and special-purpose vehicles.
The transportation and logistics industry is especially vulnerable to these changes because its systems are becoming more and more digital. This combination of cyber and traditional crime is a serious threat to global supply chains,” said Goncharov. “To protect ourselves, we need to prioritize cybersecurity, avoid paying ransoms, and keep improving our defenses."
The road ahead for industrial cybersecurity is paved with challenges. But by heeding the warnings and preparing for the unexpected, businesses can build a future where critical infrastructure thrives in the face of even the most sophisticated cyber threats.
Kaspersky is a Gold sponsor of MSP Expo, taking place in Fort Lauderdale, Florida, February 13-15, 2024. Part of the #TECHSUPERSHOW, MSP Expo is the premier event for MSPs, offering a three-day experience combining conference education, networking opportunities, an exhibit hall full of the latest technologies and solutions to help MSPs build their business, and more. Kaspersky will be in booth #449 in the exhibit hall.
Edited by
Alex Passett
