Saudi’s industrial sector increasingly vulnerable to cyber attacks
The number of cyberattacks on manufacturing plants and other industrial assets in Saudi Arabia has increased in recent years, and as a result, a growing number of organizations in the Kingdom (including those of national importance) face the need to strengthen their cyber defenses, according to a report by KPMG.
The ‘Industrial Cyber Defense’ report by the advisory giant found that Saudi Arabian industrial companies face one of the highest threats of intrusion and attack globally, in large part due to “unpreparedness”, said Hossain Alshedoki, one of the report’s lead authors and an expert in cybersecurity matters.
“Despite the growing threat and public pressure, organizations remain unprepared,” he said. One of the reasons lies in the growing digitization of operations, which exposes companies to cyber risks. Examples include a shift to more remote engineering and maintenance activities, more remote operation work on production lines and the application of the Internet of Things.
When such setups are not technically sound, life for hackers can be surprisingly straightforward, while the impact can be devastating. The hack of the Colonial Pipeline (the largest pipeline operator in the US) earlier this year showed exactly this: a ‘simple’ attack led to the temporary shutdown of the pipeline, causing havoc in the fuel supply process.
Another reason for vulnerability can stem from what Alshedoki calls a “paradox of choice”. He explained, “The cybersecurity industry includes myriad services, many of which are relatively new and sometimes untested. Confounded by choices, many organizations ultimately end up unprotected.”
In addition, criminal groups and their digital assaults have become more sophisticated. The most common attack on industrials worldwide is a ransomware attack on operational technology networks, and these have soared over the past years.
In 2020, two key segments of the industrial landscape, energy and utilities, saw a 32 percent increase in ransomware attacks, according to PurpleSec data. The estimated costs of these ransomware attacks skyrocketed, climbing from $8 billion in 2018 to $11.5 billion in 2019 and hitting $20 billion in 2020.
Seeing the invisible
With these threats in mind, KPMG’s report highlights the need for gaining deep insights into the threat landscape, and then using that information to build cyber resilience. “Risk teams must be aware of the changing threat landscape and update their work processes and templates in line with those changes.”
Conducting a detailed Cyber Risk Analysis (known as a Cyber PHA) is the first step in the process. “A cyber PHA is a safety-oriented methodology to conduct a cybersecurity risk assessment for an industrial control system (ICS) or safety instrumented system (SIS). The cyber PHA is typically performed in phases, is scalable, and can be applied to individual systems, or entire facilities or enterprises.”
“Cyber PHAs should link realistic threat scenarios – that consider new kinds of industrial cyberattacks – with known vulnerabilities and existing countermeasures,” said Alshedoki.
Once the cyber PHA is completed, a comprehensive report is produced showing the risks to the enterprise and a plan to mitigate risk to the organization’s acceptable level. “Leaders can then use this information to populate their remediation plans.”
“When implemented correctly, a cyber PHA methodology instills practices throughout an industrial system that will prevent most cyberattacks. It basically benefits system security.”
Taking a more long-term perspective, “a cyber PHA benefits an organization’s broader business practices. Applying a cyber PHA methodology documents business processes and requires the creation of integrated information security policies, procedures, standards, and controls used within an organization.”