What would an OT cyberattack really cost your organization?

If there's one thing an organization's C-suite technology and their plant managers, operators, and OT experts need to be on the same page about, it's this: Downtime is never an option. It's one thing if the IT systems have to go on lockdown, but on the operational technology side, the consequences of an OT attack and shutdown can be devastating in any number of ways that may be hard to recover from. Preventing them is a goal that needs to be embraced as strongly across the C-suite as it is on the factory floor.  

1) Human lives at risk  

Attacks on industrial control systems (ICS) may not be just about ransomware or accessing information but about deliberately making machines misbehave. Attackers can exploit vulnerabilities to make machines overheat, or robotic arms swing unpredictably. A failed attack on a water utility in Florida attempted to raise the amount of lye in the drinking water; success might have killed thousands.   

A rising number of these attacks are state-sponsored, such as the attack on Ukraine's power grid. In 2015, a Trojan malware tool called BlackEnergy, reportedly delivered by simple spear phishing emails with malicious Microsoft attachments, was used to try to execute harmful remote operations on circuit breakers via remote administration tools or Virtual Private Network (VPN) connections. The power outage lasted six hours and affected many customers as the attack disrupted Ukrainian utilities. There were no casualties reported, but the situation could have caused life-threatening emergencies in hospitals and other settings.   

2) Revenue lost 

When operations in your factory, plant, or substation shut down, revenue will cease. So, an important question not just for the CISO, but for Operations, Finance, and other chiefs is how long you can go without the expected revenue that you may never see?  

The average downtime from a ransomware attack is 21 days, depending on how well an organization is set for disaster recovery. If machinery is damaged, restoration can take months. In one instance, a manufacturer was shut down in an entire region and lost millions in revenue. Ask yourself and your leadership team, can you afford to be shut down for 21 days or longer? And wouldn't it be economically wiser to invest in robust OT cybersecurity prior to an incident instead of after?    

3) The ransomware payouts. 

According to a study by Sophos covering early 2023, the mean ransom payout was $2 million for companies with $1 billion to $5 billion in revenue. And even when an organization pays the ransom, which many do, they rarely get 100% of their data back. 

When an attack hits, operating on backup may be your best option, and indeed, some companies choose that instead of paying the ransom. So hopefully, you have proactively and regularly backed up your information and configurations. But doing so may be tricky for many companies, as their systems are often running for 10+ years with little institutional knowledge available to recover from ransomware. 

4) Replacement equipment to purchase 

The devices that can be damaged or destroyed in an attack are fantastically expensive. Assets such as programmable logic controllers (PLCs), human/machine interfaces (HMIs), and SCADA (supervisory control and data acquisition) systems that you're currently running are highly specialized, with a single unit costing hundreds of millions of dollars. 

In a cyberattack, the cost of replacing multiple infected machines can overtake all other costs combined, and not every company will be able to handle that expense.  

5) Labor costs increase 

As mentioned earlier, the moment many companies decide to investigate, implement, and pay for effective OT security is in the aftermath of an attack, at which point they often discover prevention would have been cheaper. Because even while production is shut, revenue is missing, and ransom is being paid, businesses are also taking on new labor costs as they hire consultants to manage their response, remediate the threat, install new protections, and try to get operations back online.   

The irony is that people who attacked your OT environment didn't work anywhere near as long or hard as the people on your payroll who have to put it back together.  

6) Your reputation takes a hit 

There will be significant damage to an organization's public reputation as news of an attack gets out. The customer trust that took years to build may be gone in an instant, and customers forced to find another supplier while you're shut down may not come back. After all, your shutdown not only inflicted damage to companies further down the chain, it may also have created an impression that you were careless in letting it happen. It's easy to see why most companies impacted by an attack see their stock prices drop. Recovery can take years.  

Take proactive measures that are OT-specific  

For CISOs and other IT leaders evaluating OT cybersecurity solutions, the most important thing to know is that OT environments and security challenges are hugely from those of IT. Automated systems offer many more attack vectors, including hard-to-protect legacy technology. Attackers are growing more imaginative, and OT systems are both target- and vulnerability-rich. Look for solutions that are designed for OT by people who understand it.    

TXOne Networks’ expertise in operational technology has been used to develop OT-native technology that’s both practical and operations-friendly. It's used by leading enterprises and infrastructure managers to safeguard communications, manufacturing, energy production and distribution, and other critical operations. Our multi-pronged approach includes both physical devices and control consoles that understand the specific protocols of OT and will prevent alterations, malicious reconfigurations, and misuse. 

Learn more about TXOne's OT cybersecurity solutions.