Both the volume and the intensity of cyberattacks have been growing in recent years, with attackers focusing on larger and more lucrative targets. According to a 2021 report by CyberSecurity Ventures, the costs of cybercrime are rising precipitously at 15% per year, with a projected worldwide total of $10.5 trillion for businesses by 2025. Perhaps this estimate should come as no surprise: 78% of senior IT leaders say that their organization is not sufficiently prepared against a future attack, says a 2021 survey by IDG Research Services.
Cyberattacks can be particularly devastating for manufacturers using industrial automation, bringing the entire production line to a standstill. With news of the latest massive data breach or cyberattack constantly in the headlines, manufacturers proactively need to defend themselves so that they don’t become the next victim.
In this article, we’ll discuss why industrial automation programs need a disaster recovery plan for cyberattacks, as well as a few tips and best practices for how to create a cyber disaster recovery plan.
Why You Need a Disaster Recovery Plan for Industrial Automation
It’s all too easy to get complacent when it comes to IT security and disaster recovery. Businesses might believe that there are bigger fish in the sea for attackers to target, hoping to avoid a digital catastrophe with the all-too-common practice of “security through obscurity.”
Unfortunately, thousands of businesses once thought that they, too, were invulnerable to cyberattacks — until they became yet another victim. What’s more, once this cyber disaster has befallen them, they’re left struggling to rebuild and recover in the wake of the catastrophe.
When a cyberattack — or even an attempted cyberattack — happens to your business, you need a solid, well-thought-out plan for what to do next. Organizations that refuse to plan ahead for cyberattacks risk becoming just another statistic: 60% of small and medium-sized businesses that suffer a cyberattack go out of business in the next six months, according to research from the National Cyber Security Alliance.
The Types of Cyberattacks for Industrial Automation Programs
Given these considerations, what kinds of cyberattacks should manufacturers be prepared for with their industrial automation programs? While there are too many to mention in this section, we’ll briefly go over some of the most common types of cyberattacks in industrial automation.
Distributed denial of service (DDoS) attacks attempt to shut down a network, machine, or service, overwhelming its resources by flooding it with malicious traffic. Automated industrial control systems are particularly vulnerable to DDoS attacks. A 2021 study by Horak et al., for example, found that a simulated DDoS attack on IoT (Internet of Things) devices in an industrial environment resulted in communication failure and a shutdown of the production line.
In a ransomware attack, the files on a victim’s computer are encrypted, making them impossible to use without the attacker’s decryption key. The attacker then informs their victims that they can only restore access to their files by making a hefty payment with Bitcoin or some other cryptocurrency, which is nearly impossible to trace. Ransomware attacks are capable of turning computers into little more than expensive paperweights, preventing you from using them until the ransom is paid or the device is wiped.
Creating an Industrial Automation Disaster Recovery Plan for Cyberattacks
Hopefully, we’ve impressed upon you the importance of having a cyber disaster recovery plan — so what should the contents of this document actually be? Below are our suggestions:
- An inventory of your hardware and software assets, as well as a ranking of their importance — from mission-critical to an afterthought.
- An inventory of your cyber defenses. This may include antivirus and anti-malware programs, monitoring and alerting tools, SIEM (security information and event management) platforms, firewalls, encryption, password requirements, software updates, and more.
- A plan for responding to each type of cyberattack (see above). For example, if your business is facing a DDoS attack, solutions such as firewalls can help filter out potentially malicious traffic while preserving access for legitimate users.
- A plan for making backups of critical data at regular intervals and storing them in an off-site location (e.g. the cloud). These backups can be invaluable for recovering from ransomware attacks: instead of paying the ransom, businesses can simply restore the infected machines to the most recent backup before the data was encrypted.
- The individuals responsible for overseeing and executing the disaster recovery plan.
- A list of contact information for key decision-makers for coordination and communication before and during the disaster.
- Methods for testing your disaster recovery plan and updating it if necessary.
Although physical disasters such as floods, fires, and power outages are perhaps the most obvious dangers, cyberattacks constitute no less of a serious threat for industrial automation practitioners. By formulating an industrial automation disaster recovery plan for cyberattacks well ahead of time, you can stay one step ahead of the attackers and ensure that your operations will continue, even in the face of unexpected disruptions.
Looking to create your own disaster recovery plan? We can help. Consider working with a knowledgeable, experienced systems integrator like ICA Engineering to get the job done. Get in touch with our team of experts today for a chat about your business needs and objectives.
Image Credits: Piqsels @Creative Commons