According to KPMG’s latest report, the overall budget for ransomware cyber attacks has skyrocketed, surging from US$8 billion in 2018 to US$11.5 billion in 2019 and hitting US$20 billion in 2020.
According to KPMG’s latest publication on industrial cyber defense, the frequency of cyberattacks on industrial operations has increased in recent years, with ransomware attacks particularly acute in Saudi Arabia.
Ransomware attacks on operational technology (OT) networks climbed fivefold from 2018 to 2020. Of these, manufacturing entities accounted for over one-third of confirmed ransomware attacks on industrial organizations, followed by utilities.
According to the announcement, the cybersecurity threat to industrial operations has swiftly evolved and expanded over the previous year. This is due to several factors, including a shift to more remote engineering and maintenance activities, more remote operation of production lines, and incomplete digitalization efforts.
Statement from Hossain Alshedoki, IT/OT Cybersecurity ENR Lead, KPMG in Saudi Arabia
According to Hossain Alshedoki, IT/OT Cybersecurity ENR Lead, KPMG in Saudi Arabia, “Despite the growing threat and public pressure, organizations remain unprepared. Organizations may be facing a paradox of choice. The cybersecurity industry includes myriad services, many of which are relatively new and sometimes untested. Confounded by choices, many organizations end up unprotected.”
Alshedoki also stated, “A cyber PHA methodology, when implemented correctly, instills practices throughout an industrial system that will prevent most cyberattacks.”
According to the announcement, ransomware attacks have become more sophisticated over time and have changed to achieve their ends by different methods. Additionally, these attacks have increasingly targeted industrial control system (ICS) environments such as oil and gas and manufacturing.
Furthermore, according to a study by (CS)²AI and KPMG, the Control System Cyber Security Survey 2020, 10 to 20 percent of respondents did not know whether these devices (PLCs, IEDs, RTUs, HMIs, servers, workstations and historians) were remotely accessible.
According to the report, given the new threat landscape, firms need to take action now and be better equipped for the evolving threat. Consequently, cyber PHAs – a risk mitigation procedure that helps enable a holistic cyber PHA exercise – should evolve along with the evolving nature of industrial cybercrime.
Alshedoki concluded by stating, “Cyber PHA benefits an organization’s broader business practices. Applying a cyber PHA methodology documents an organization’s business processes and requires the creation of integrated information security policies, procedures, standards, and controls used within an organization.”
Press release received by email