The ARIA Cybersecurity team had a hugely productive week in Anaheim, California at the recent 2024 Rockwell Automation Fair. The event was a fantastic opportunity to make connections with companies from across different industries. They all shared one objective: to discover innovative new ways to protect their industrial operations from the dangerous new wave of sophisticated cyberattacks.
At the event I had the honor of presenting an overview of the latest attack techniques, effective ways to measure risk, and – most importantly – ARIA’s vision for stopping today’s attacks on operational technology (OT).
A New Cybersecurity Battleground
It’s clear that attacks targeting OT are growing in frequency and severity – with the costs associated with an attack rising fast too. We have identified more than 700 attacks on OT over the last three years, infiltrating companies such as Merk ($1.4 billion in losses), WestRock ($200 million), and Clorox ($500 million).
During my presentation, I demonstrated how to quantify this risk in dollar terms based on the cost of a successful attack and the probability of it happening – which cyber insurers are now estimating at 15 percent in any given year. This means that an attack on a mid-size company with $120 million in annual revenue, which disrupts production for two months, creates a risk cost of $1.5 million.
It’s little wonder that the cost of cyber insurance has risen ten-fold this decade. And even those that get insurance in place can face lengthy legal battles in receiving a pay-out – as Merk discovered.
Today’s OT Cyber Defenses Are Not Working
This alarming situation is exacerbated by companies relying on cyber defenses that are ill-equipped to prevent these new types of attacks in OT environments. In fact, we estimate that today’s active defenses (e.g. AV) only provide protection against 20 percent of the attacks we are seeing today.
Detecting signatures (based on file hashes) doesn’t work for polymorphic viruses where the hash changes on each deployment – a technique used more than a decade ago with Stuxnet. NextGen AV relies instead on learning new attack Indicators of Compromise (IoCs) once their customer bases get hit. It can take weeks for updates that block newly identified IoCs to become available and OT devices need to be constantly connected to receive these daily updates.
This summer the industry discovered exactly what happens when a vendor issues a bad update. CrowdStrike unintentionally attacked its entire customer base, putting many critical production devices out of commission for more than a week. As for today’s sophisticated nation-state-backed attacks, these solutions often miss them completely. In worst cases, attackers simply turn off active defenses on the targeted endpoints.
Meanwhile, passive defenses designed to limit access to the network – such as firewalls – work best by trying to cut off access to the internet, which is at odds with the AV’s constant need for updates. These defenses seek to detect viruses using hash-based signatures to identify attacks that are already known, thereby missing anything polymorphic. This means network-based defenses only detect around 30 percent of today’s attacks.
An Innovative New Approach
These active and passive defenses have an important role to play – but they need help. In my presentation, I set out the case for a third-generation approach that detects the techniques modern attacks use rather than the attack patterns (IoCs) and signatures. This is the principle behind our AZT PROTECT™ solution, which delivers generic endpoint attack prevention without the need for constant updating. Custom-built for OT environments, this award-winning solution is proven to stop the sophisticated techniques used in high-profile cyber incidents such as the SolarWinds supply chain attack.
My main takeaway was this: if we can quantify the cost of risk, then we can also quantify the value of risk reduction. By reducing the chances of a successful attack in a given year from 15 percent to a negligible 0.1 percent – as is possible with AZT PROTECT – we can drive a 150-fold reduction in risk. For the mid-sized company mentioned earlier, this reduces their risk cost from $1.5 million to just $10,000 a year. That’s a game changer.
This message resonated strongly with everyone we met in Anaheim – and it shows the way forward for companies looking to protect their production environments in these dangerous times.
ARIA recently joined Rockwell Automation’s PartnerNetwork™ to bring AZT PROTECT into the Rockwell ecosystem. To discover more about how we’re working with Rockwell to protect critical production environments check out our recent webinar.
Ready to fortify your OT defences against today’s most dangerous attacks? Contact ARIA Cybersecurity at Sales@ariacybersecurity.com