Thu. Nov 21st, 2024
Nigerian businesses cyber ransom

By Adedapo Adesanya

A new report has shown that amid a drive for digitalization, a total of $706,452 has been paid in ransom to cybercriminals by Nigerian businesses.

According to Sophos, in The State of Ransomware 2022 report, Industrial Control Safety Systems (ICSS) in critical infrastructure are increasingly exposed to cyber-attacks because of the digitization drive of the industry.

The report showed that as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control systems become connected to the Internet to allow greater business efficiency (remote process monitoring, system maintenance, process control, and production data analysis)-Industry 4.0, they also make the business more vulnerable to threats with the potential to seriously affect critical Industrial Control and Safety Systems.

Exposing the need as to as why internal cybersecurity is the new normal, the note shared with Business Post showed that critical infrastructure is classified as the physical and IT/OT assets, networks, and services. And that, if disrupted or destroyed, would have a serious impact on the health/ security/economic well-being of citizens and the efficient functioning of a country’s government.

“The energy sector and manufacturing industries are critical to the global economy, and their security is of the utmost importance. The integration of operational technology (OT) and information technology (IT) – industry 4.0 – in these industries has also increased efficiency and productivity, but it has also increased the risk of cyber-attacks,” the report explained.

“One of the main challenges facing these industries is the integration of OT and IT systems. OT systems, such as control systems, are used to control and monitor physical processes, while IT environments, i.e., the internet and cloud, are used to process and store data. The integration of these environments means that cyber-attacks on the Information Technology environment can now directly impact the physical processes controlled by Operational Technology systems.”

The note explained that the use of legacy (ICSS) in these industries is prevalent as many control & safety systems were developed before cyber security was a global concern and may not have the necessary security measures in place to prevent such attacks when the ICSS is compromised.

In addition, the hardware and software in these legacy ICSS could have reached their End of Life (EOL), which makes them more vulnerable to cyber attackers.

Some other factors have contributed to the growing vulnerability of industrial control systems, which include – insecure remote connections; Access links such as dial-up modems and wireless communications are used for remote diagnostics, maintenance, and examination of system status. If encryption or authentication mechanisms are not utilized, the integrity of the transmitted information is vulnerable.

Another is standardized technologies as organisations are transitioning to technologies, such as Microsoft’s Windows, to reduce costs and improve system scalability and Internal performance. The result is unrestricted access to knowledge and tools to jeopardize the system and an increase in the number of systems vulnerable to attack.

Another critical one is the availability of technical information—public information about infrastructures and control systems is readily available to potential hackers and intruders. Design and maintenance documents and technical standards for a critical system can all be found on the internet, greatly jeopardizing overall security.

In addition to the challenges and vulnerabilities facing the industrial control system, cyber threats and incidents are now major operating and business risks for every digital enterprise.

The report noted that in the age of digitization, it is imperative to create and execute strategies that allow the business to monitor and mitigate cyber threats and risks supporting its financial objectives.

However, to truly mitigate these risks and be IIOT-ready, organisations need to “have a comprehensive cyber security program with the partnership of industry experts, which incorporates intrusion detection and prevention systems, firewalls and secure remote access solutions in place, such as those offered by Schneider Electric; with a team of certified experts, delivering holistic cybersecurity programs to help maintain the system’s defences, with cybersecurity services such as vulnerability assessments, penetration testing, and incident response planning from an operations perspective, while integrating appropriate IT policies and requirements.”

The report warned that while the integration of OT and IT systems in the energy sector and manufacturing industries has increased efficiency and productivity, it has also increased the risk of cyberattacks.

To remedy this, organisations in these industries were tasked to adopt a cyber security program and posture to maintain profitability to protect against cyber-attacks.

By Adedapo Adesanya

Adedapo Adesanya is a journalist, polymath, and connoisseur of everything art. When he is not writing, he has his nose buried in one of the many books or articles he has bookmarked or simply listening to good music with a bottle of beer or wine. He supports the greatest club in the world, Manchester United F.C.

Related Post

Leave a Reply