What to expect from the industrial cybersecurity in 2023?

Posted date 26/01/2023

Autor

INCIBE (INCIBE)

In the year 2022 and as is reflected in the article Industrial Security 2022 in numbers, cyberattacks in all industrial sectors have increased by around 30 % in the third quarter of 2022 and it is estimated that the number of organizations or industrial manufacturers victims of a cyberattack was around 40% in the last year.

The future is uncertain, especially in terms of attacks on the industrial sector, but what should be clear is that cyberthreats will continue to grow and evolve, so it is necessary and advisable to continue developing defensive methods that provide organizations, not only in the industrial sector, but in all sectors, with the ability to defend themselves.

This article focuses on industrial security prediction for 2023 with the aim of providing an overview of what the future may look like, what we can expect and how we can prepare for it.

Top industrial cybersecurity predictions for 2023

It can be postulated that 2023 will see a global growth in the number of cyberattacks in the industrial sector. The forecast indicates that an era of geopolitical tensions lies ahead and that macroeconomic factors will largely determine the threats to industrial companies and OT infrastructures.

These predictions will encompass attack vectors driven by increased digitization, cybercrime activities by companies own employees and ransomware attacks on critical infrastructure.

A top 10 industrial cyber-security prediction for 2023 are listed and explained below:

New risks and general changes in threats: Through 2023, a shift in advanced persistent threats (APT) against different organizations in the industrial sector can be predicted. Traditional targets, such as military and governmental, will continue to be targeted. Digitization in areas such as IIoT and Smart Grids has increased the possibilities for an attack, and the emergence of digital twins and predictive systems in the sector has further increased the area of exposure to attack.
Rising prices, both in energy and hardware: Due to geopolitical instabilities, rising prices will pose a clear risk to cybersecurity. This has already been seen in 2022 and, in this new year, a further increase in prices is expected, which may lead to the discouragement of improving, implementing, or updating industrial security systems due to the high costs. One example is computerized maintenance management systems (CMMS), which have come under heavy attack in 2022 and are expected to increase further in 2023.

Top ten countries CMMS attacks 2022

- The ten countries with the highest percentage of CMMS attacks in the first quarter of 2022. Source: Kaspersky -

Rapid migration to the cloud: Over the last few years, companies have been migrating rapidly to the cloud in order to integrate new working methods not the systems already integrated by companies in the industrial sector. The use of different providers for cloud services will lead to systematic inconsistency and in turn to different security problems. Both the management of these processes and the configuration by developers and users for industrial applications in the cloud can pose a security risk, as the main objective is not to defend the system against possible attacks, but the mass adoption of local systems and the development of applications.
Social engineering, a continuous threat over time: In 2023, social engineering threats will continue to be one of the main risks for OT companies, as they are mostly related to IT environments. These threats will be adapted to the new hybrid work environment, which will be an entry point for attackers into the enterprise. Email will continue to be the focal point for this type of threat, and email security and awareness campaigns by companies will be an essential part of security plans. Vishing cases will also increase considerably.

Man phishing with a laptop

- Social engineering attack -

It Will increase the perimeter of the company: As introduced in the previous point, the emergence and entrenchment of hybrid working methods can lead to serious security problems if remote connections are not made securely.
Adoption of MFA as a primary target: Attacks will be directed against multi-factor authentication (MFA) users. In the case of ICS, most major access already require this authentication method to ensure security and access. As a result, cyber-attackers will look for new ways to bypass these security mechanisms by adapting their targeted credential attacks. Different MFA vulnerabilities and circumvention techniques are expected to emerge in 2023. However, going back to social engineering, this will be the main technique used by attackers to breach this authentication process. There are different ways to breach MFA without breaking multi-factor authentication:
- Automatic bombardment: Exhausting the user with requests for approval to finally click on a malicious link.
- New adversary in the middle (AitM) techniques: The MFA process will be included to capture authentication session tokens when the user performs a legitimate login.
Supplier selection more critical: With the increase and risk of supply chain attacks, industrial systems will seek to raise the minimum requirements in supplier selection criteria. It is believed that by 2023, the need by industrial companies for their suppliers to have factors such as cyber resilience, vulnerability assessments and ability to secure devices will be vital in supplier selection processes.
Attacks focused on industrial infrastructures: Most attacks in 2023 will focus on one of the most critical points of any society, its energy producing industrial infrastructures. ICS will be the main focus, as cyberattacks will target these systems that control factories and civil infrastructures.
Ransomware stagnates, but stealth attack emerges: In the last year, the exponential trend in ransomware is no longer as pronounced, but there has been a significant increase in the so-called stealth attacks. In 2023, threat actors will start using stealthy software and techniques to steal data from victims. In contrast to ransomware, this new technique means that information stolen from any company can be sold or exploited directly while the attacker remains hidden without blackmail or asking for anything in return. This is of vital importance, especially in the industrial sector, as the stealthy theft of information to be sold or used to halt the industrial process can have major consequences. As a result, companies in this sector will need to significantly increase their ability to manage and detect the attack surface around their critical assets.
Changes in the regulatory framework: There are different cybersecurity legislations. By 2023, most companies in the industrial sector will be looking to bring their equipment in line with regulatory minimums. The implementation phase of regulations will be boosted, and many regulations will need to be updated:
- NIS 2 Directive: This directive will replace its previous version, the NIS (Network and Information System). It will impose stricter monitoring and reporting measures.
- Draft European Cyber Resilience Act (CRA): Once accepted, this European law will stablish mandatory cybersecurity requirements for equipment and products with digital elements.
- The EU Delegated Regulation supplementing the Radio Equipment Directive (RED): Will apply from August 2024, making cybersecurity mandatory for all wireless equipment.
- NIST 8270: This standard refers to commercial satellite operations. In 2023, attacks on the satellite environment are expected to increase. NIST is expected to update this standard in the first quarter of 2023.

In the following illustration, a graphical summary of the predictions in 2023 is given:

cybersecurity predictions 2023

- Summary of top 10 prediction 2023 -

Conclusion

As a general conclusion, it should be noted that during 2023 there will be an exponential growth in cyber-attacks, with industrial systems being the focus of such attacks along with new generation equipment installed in medical centers.

These predictions can help companies prepare for what is to come this year and improve their defenses by focusing on the predictions, thus mitigating, or avoiding potential cyber-attacks con their infrastructure.

On the other hand, changes in different regulatory frameworks will be very important, as compliance will be essential for any company in the industrial sector thus avoiding possible attacks and also possible sanctions for noncompliance.

Content produced in the framework of the Spanish Government's Recovery, Transformation and Resilience Plan financed by the European Union (Next Generation).

Etiquetas