Industrial systems are moving into hackers’ focus worldwide and pose enormous risks
Düsseldorf, June 2nd, 2022 – With the increasing use of intelligent machines integrated into an entire manufacturing network, the risk of hacker attacks is rising enormously. An IT study reveals that many industrial companies are barely aware of this risk and therefore have not implemented compliance rules for the acquisition and operation of IoT equipment. Just over half of the more than 300 business representatives surveyed said they have compliance rules for IoT security in place at their companies, while 35 percent have no rules at all. The figures were obtained by IT company ONEKEY as part of its “IoT Security Report 2022.” “Connected manufacturing is as efficient as it is dangerous. The plants have numerous hardware devices that use their own firmware and are now more than ever the focus of hackers,” warns Jan Wendenburg, CEO of ONEKEY. The company, which specializes in IT security, operates an automated analysis platform for the software of network-connected smart products, in particular intelligent industrial control systems and production plants. The majority of all companies rely on threat analysis (50 percent) and contractual requirements for suppliers (42 percent) to secure IoT infrastructures. “This settles the question of liability in case of doubt – but companies don’t realize that a dedicated attack on manufacturing equipment can threaten a company’s existence within a few days,” says Jan Wendenburg of ONEKEY.
The confidence that the more than 300 business representatives surveyed for the study place in their own IT security measures reflects this uncertainty: only 26 percent consider their own IoT security to be fully sufficient, and 49 percent only partially sufficient. Almost 15 percent, on the other hand, consider their own measures to be insufficient or even deficient. Even penetration testing is not fully trusted – only 14 percent see it as an efficient way to test the security of an infrastructure, while 68 percent see it as partially efficient. “The problem needs to be addressed at the root, right during the production of assets, machines and endpoints. The IT industry could take a cue from the process industry – the pharmaceutical industry, for example. There, it is a legal requirement to have complete traceability and transparency for every component of a product. That would have to be equally standard in IT to eliminate the risks posed by easily hackable firmware on production equipment and other endpoints. Every piece of unknown software on a device or a simple building block of a device is a black hole with full risk of being attacked by a hacker or entire groups,” says Jan Wendenburg, CEO of ONEKEY. Such a list of components, known as a software bill of materials (“SBOM”), is supported by 75 percent of the respondents.
Meanwhile, the damage can quickly run into the millions: 35 percent of the IT managers and decision-makers surveyed for the study consider annual damage of up to 100 million euros to be realistic, another 24 percent even up to 500 million, and 17 percent more than 500 million euros. “Since the figures were asked between January and February 2022, a far more dramatic picture can now be painted. Since we know that IT attacks are also part of warfare, we must protect ourselves even better. Especially since we can also expect a further increase in industrial espionage as a result of the sanctions. Here, too, weaknesses in firmware can favor the intrusion of hackers and even make them almost invisible, because classic security measures often fail in the event of a hack via industrial systems or devices,” explains Jan Wendenburg from ONEKEY.