The Colonial Pipeline ransomware attack is not a one off incident – and everyone knows it.
The event forced one of the nation’s largest fuel pipeline operators to shut down its entire network. An outcome that is going to be top of mind when industry operators shop for connected products to enhance their productivity.
Colonial Pipeline transports 45% of the gasoline, diesel and other fuels that are used on the East Coast. Its 5,500 miles of pipelines carry fuel from the refineries on the Gulf Coast to customers in the southern and eastern states of the US, supplying fuel to 50 million people. With the expectation that the attack will have a long term impact on fuel supply or prices, it exposes the extent to which mission critical operations are vulnerable to the growing threat of ransomware attacks on connected devices.
Why IoT devices are the ideal ransomware target
In a ransomware attack hackers gain accesses into a network system, often through IoT products which tend to be the most susceptible. Once inside they make all the available data inaccessible by encrypting it. They then approach the victim and demand a ransom to have the data decrypted and made accessible again.
Ransomware attacks have become increasingly common in recent years and in no small part this is due to the incorporation of IoT products into the network. While connected devices have become central to industrial processes as they are critical to productivity, they are also prime targets for conducting a ransomware attack, on the same scale, if not greater than Colonial Pipeline.
IoT devices are more vulnerable to attack for a number of reasons; they’re easier to penetrate as they tend to have a lower security threshold compared to other devices in the network such as computers, and they can be manipulated to cause greater damage. The close intertwining of connected devices into industrial operations upscales the potential damage of being hacked. It heightens the risk to employee safety, damaging production process or having operations entirely shut down
The Industrial Sector Represents Easy Prey
The industrial sector which in many respects is leading the path to IoT device adoption, is also, by the nature of what it does, more susceptible to ransomware attacks. The constant demand for oil, water, electricity and civil operations, make it less able to tolerate disruption and hackers know that they can expect a pay day. Similar to other essential industries like healthcare, hackers have realized they can extort more money, more easily from sectors that are under increased pressure to stay open.
The pirates of the digital era, hackers are ramping-up their attacks against the industrial sector because this industry has too much at stake. Where minutes can cost millions, these firms are more willing to pay a ransom demand to regain control of their network.
The Frequency of Attacks Makes Cybersecurity a Burning Prerequisite
An unfortunate reality is that the frequency of attacks on industrial control systems is far more common, then the number that gets reported, with only the most devastating ever making headlines. Many industrial companies, along with building automation, smart cities and enterprises are getting hit, often via their IoT products, and are battling cyber attacks like these every day. The security of their connected products is no longer a nice-to-have feature, but a critical staple that they can’t afford to ignore.
Considering the enhanced risk profile of the industrial sector, cybersecurity has become an increasing priority when bringing new IoT products into their network. To sell to this sector, product managers will have to prioritise the security of their devices and ensure that it will weather the crash of the next wave of ransomware. But to successfully sell more products, product managers will need to market the security of their devices. They will need to address the needs of the industry, demonstrating how their product is equipped with advanced defensive capabilities that will ward off attacks and keep operations at a blissful quiet.