Cybersecurity and ICS Ransomware
- Dr. Jane LeClair
- Jul 16, 2024
By Charles Parker, II
Ransomware can be directed at any company. For the attackers, the bigger the company the better, given the number of targets, the accessibility, and the vulnerable points. The subject company may manufacture industrial control systems (ICS), physical security systems, and facility-related tech.
Another successful ransomware attack took place in September 2023. This was recently reported in the company's quarterly filing with the SEC. The company spent $23M on this issue. This massive amount was for the response; however, it also included the remediation. That's not all. The company also reported $4M in lost and deferred revenues attributed directly to the attack. The issue was the result of unauthorized access. The bad actors were then able to exfiltrate data and deploy the infamous ransomware. Fortunately, the ransomware was deployed only to a section of the company's IT infrastructure.
This is an example of the perils of third-party/supply chain access. Not enough information has been gathered to give a holistic view of the issue. There have been efforts to improve security, with more companies asking for ISO 27001 certificates and SOC 2 reports and asking vendors to complete cybersecurity questionnaires; however, requesting is different from requiring. Too often, the vendors passively refuse to honor the requests. This will continue to be an issue and a vulnerable point until more safeguards are put in place.