Companies are increasingly looking for intelligent technologies to optimize production and decision-making to create companies of the future. With the increasing dependence on autonomous and digital technology, however, the risk of cyber attacks also increases, says the service company PwC.
As technologies become more interconnected, so do the potential cybersecurity threats and attack vectors. The consequences of these threats can be severe and result in lost production and revenue, fines, reputational damage and the shutdown of critical infrastructure.
This has been compounded by the complexity and adoption of intelligent systems that use advanced technologies such as machine learning and the Internet of Things (IoT).
Referred to as “Smart Manufacturing / Smart Mining”, South African industry leaders recognize that the terms encompass everything from artificial intelligence (AI) to robotics and cybersecurity.
PwC has commented on emerging cyber threats in the mining and manufacturing industries. The document focuses on emerging cyber threats affecting these sectors, with a focus on South African and other Africa-based organizations.
While the convergence of these advanced technological systems and the operating technology that forms the backbone of the sectors brings significant benefits, it is important to note that reliance on such networked and internet-dependent systems is not without its own risks, PwC pointed out .
Junaid Amra, PwC Forensics Technology Solutions Leader, said, “Companies in the manufacturing and mining industries face a wide variety of cyber threats. A number of organizations have not paid enough attention to these threats. Nor are they prioritizing the implementation of appropriate defense strategies as threat actors begin to take an interest in organizations operating in the field.
“With technology adoption increasing, the consequences of attacking companies in these sectors can be far-reaching and potentially devastating. Therefore, it is important for organizations to understand the key areas of risk, attack vectors, and vulnerabilities to ensure they are applying the correct controls to improve security and protect their assets. “
The technologies most commonly attacked by attackers in these sectors are Industrial Control Systems (ICS). ICS are embedded computing devices that are responsible for a variety of automated process controls in industries (e.g. measuring devices, packaging machines, and all other components of an assembly line that form part of every production process).
“The Covid-19 pandemic has exacerbated the problem of cyber attacks. According to international research, there was an increase in burglary activity in the manufacturing sector in 2020 as well as several cybersecurity incidents in the mining and resource sectors of some countries, “Amra said.
PwC’s paper sheds light on the various threats to ICS technologies and the profiles of the actors who perpetrate these attacks. It also focuses on notable incidents to reveal the complexity and subsequent impact of ICS attacks.
Attacker’s tactics, techniques and procedures
PwC’s global threat intelligence practice recognizes four types of motivations that drive attackers, namely espionage, hacktivism, terrorism / sabotage and organized crime. There are also a number of different tactics, techniques, and procedures used by any attacker.
Not only does this determine the impact of any attack, but also the means by which organizations are attacked and subsequently compromised. It’s also noteworthy that insiders can belong to any threat group, PwC said.
Organizations that understand that a security breach can take different forms and originate from different locations can better imagine how to implement the right countermeasures.
It is important to note that local regulatory and disclosure laws play a large role in the number of incidents reported and known to be a by-product of the public.
Espionage is one of the driving forces behind cyberattacks in the manufacturing industry. Cyber criminals gain access to the networks of companies in the sectors with the aim of stealing trade secrets and intellectual property.
However, our research has shown that although there was a significant increase in spy-motivated incidents in 2020 compared to the same period in the previous year, most of the attacks were predominantly financially motivated (63-95%).
“We also used our experience performing cyber security assessments and penetration testing across our global network to identify the most common security vulnerabilities in OT / ICS networks.
“The most common attacks identified by PwC’s incident response teams in 2019 and 2020 were: Infiltration of insecure email platforms after the cloud rollout; Phishing; and insecure remote access platforms (VPN, remote login), PwC said.
Once attackers gain a foothold in an organization, the tools and tactics they use are usually designed to monetize their attacks with the simplest possible means. One example is ransomware, a type of malicious software (malware) that holds your systems or data for blackmail.
Globally, PwC has tracked ransomware attacks in various industries for 2020. Of this, 17% was in the manufacturing sector, but no data appears to have been published from the mining sector.
“In our experience, attacks in the mining sector have mainly focused on electronic payment fraud, industrial espionage and sabotage. The data available for the continent of Africa are limited but we believe this is an example of how vulnerable African organizations in the sectors are to this type of attack, ”PwC said.
Cyber attacks are becoming more pronounced as technology is embedded in operational processes. In addition to the loss of data and intellectual property, the risk to core business operations increases and cyber attacks can lead to serious disruptions.
In addition, safety, health, environmental and quality systems (SHEQ) could also be affected as the reliance on intelligent devices to support these processes and functions grows.
“Mining and manufacturing companies need to embed a security culture against potential cyberattacks – companies should have plans and processes in place to prevent, respond to, and recover from a potential cyberattack. The likelihood and consequences of a cyber attack should not be downplayed, ”said Amra.
Read: What Cybersecurity Says South Africa in 2021