Cybersecurity Experts Anticipate Major Attack in the Next Two Years

Ian Wright posted 2017-07-21

The Blackhat logo. (Image courtesy of UBM.)

With the Internet of Things (IoT)—and its manufacturing cousin, the Industrial Internet of Things (IIoT)—on the rise, concerns about cybersecurity are rising too.

Last year, the Department of Homeland Security identified the manufacturing sector as the leading target of infrastructure cyberattacks. Manufacturers are well-aware of the risks, with a report from BDO showing that 92 percent cited cybersecurity concerns in their 2016 SEC disclosures.

Now, a survey of nearly 600 cybersecurity professionals has found that 60 percent of respondents believe a major breach of U.S. infrastructure will occur in the next two years. They also don’t believe that the relevant defense and government agencies are prepared to respond.

The findings come from Black Hat, a conference of cybersecurity researchers and enterprise information security professionals.

The survey also indicates mixed feelings regarding the Trump administration’s impact on cyber defense, with 47 percent expecting it to be negative, 26 percent seeing it as positive and the remaining 27 percent as neutral.

(Image courtesy of UBM.)
More telling is the fact that almost 70 percent of respondents stated that recent activity from Russia and China has made U.S. enterprise data less secure and more than 60 percent suggested that corporations should develop special online defenses to protect their critical data from state-sponsored hacking.

Based on its role in the Democratic National Committee (DNC) hack and the reveal of CIA hacking tools, more than 60 percent of survey respondents stated that Wikileaks is impacting the way corporations and government agencies conduct their operations. Support of Wikileaks was noticeably split: 31 percent in favor, 32 percent opposed and 37 percent neutral.

(Image courtesy of UBM.)
Of course, concerns about cybersecurity aren’t solely due to potential aggressors; nearly 70 percent of respondents said they do not have the staff to meet the threat of a major security breach in the next 12 months and nearly 60 percent said they don’t have an adequate budget.

As evidence that cybersecurity should be a concern even without the threat of intentional attacks, one need only look to GlobalFoundries, a semiconductor manufacturer which recently saw its Vermont plant hit by a computer virus. Although the company stated that it was not the intended target, it did admit that the virus had been uploading to manufacturing equipment, which had to be taken offline to prevent the virus from spreading.

(Image courtesy of UBM.)
Perhaps even more disconcerting is a report from cybersecurity firm Trend Micro, which revealed security vulnerabilities in industrial robots. “We found that the software running on industrial robots is outdated; based on vulnerable OSs and libraries, sometimes relying on obsolete or cryptographic libraries; and have weak authentication systems with default, unchangeable credentials,” the report states.

So, what can manufacturers do to stave off these cybersecurity threats?

Based on this survey, it looks like increasing the budget and staff of your cybersecurity team would be the best place to start. The good news is that there is plenty of interest in this field amongst Millennials, who are entering the workforce in droves.

To read the full Blackhat survey, click here.