A fire or spill at your facility can shut down your operations, but so can malware and ransomware. If you are a large or important target or you have a large customer database that includes financial information, your facility or company could be targeted by hackers. No company wants to be the next Equifax.
Paul Myer, CEO, Veracity Industrial Networks, shares his thoughts on IoT in 2018.
There will be a nation-state cyber-attack on our critical infrastructure in 2018.
There has been an increase in the number of attacks on our nation’s infrastructure, such as our power grid. Now, these systems are secure and we have not seen a widespread attack be successful, but as the old saying goes, the bad guys only have to be “right” once; those defending these institutions have to be “right” every time.
In October, the DHS and FBI warned that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May. They also reported that some of those hackers were successful in compromising the networks. All this evidence points to an increasing risk that an attacker will be successful in the near future.
The “industrial cybersecurity” space will see record investment in 2018.
Cybersecurity has been attracting significant investment for years now, however the bulk of that investment has been in the traditional “IT security” world where the most action is. During 2018, we expect to see a shift where more investment goes toward companies addressing the industrial cybersecurity needs that are becoming critical.
The industrial side of cybersecurity has lagged the “IT security” world in development of tools and procedures. Reliance on “air-gapping” as a security measure has run its course. This will bring a new group of industrial cybersecurity-based solutions looking for investment. We predict that investment will be large and immediate.
The lack of trained cybersecurity personnel will become acute in 2018.
There has been considerable discussion about the lack of trained cybersecurity professionals and the issue this causes. The growth of our cybersecurity needs has far outpaced the development of training programs and the number of new experts we are creating. Things will be worse before they get better and 2018 will likely shine a light on this intellectual shortfall.
This “shortage” will be more acute in industrial networks as there are less training options for those professionals. Also, the lack of viable networks security tools on the industrial network side make the actions of trained network security professionals all the more important.
The “ransomware” business model will be applied to more hacks.
The advent of “ransomware” attacks, where your data is held hostage by a hacker that has compromised your computer until you pay a ransom, will continue in 2018. This new revenue source for today’s cyber criminals has broadened the targets for hackers geometrically. Suddenly, companies and individuals that house no data suitable for sale on the dark web have become targets. Locking up a grandmother’s photos could produce revenue now.
Part of the ransom phenomena is made possible by the anonymous nature of bitcoin as a currency. We predict that hackers will spread the ransomware business model to the industrial space by holding parts of OT/ICS networks hostage, in 2018.