The impact of cyberattacks on the industry: specific examples from major companies
Statistics on cybersecurity in the industrial sector are alarming. In the past year alone, 93% of companies within this sector have experienced a security breach, with a staggering 78% of them encountering more than three breaches! The current major threat to industrial sector is ransomware, which encrypts data and paralyzes the entire entity's operations. Even a few hours of downtime can result in million-dollar costs. However, the impact of cyberattacks on the industry extends beyond the direct costs associated with operational disruptions.
In this article, we present specific cases of companies in the industrial sector grappling with serious incidents. What did they experience, and did they emerge unscathed? Find out.
A Notable Case: Large-Scale Actions Targeting an Aluminum Powerhouse – Cyberattack on Norsk Hydro
In March 2019, Norsk Hydro, a Norwegian conglomerate engaged in aluminum production, its products, and renewable energy, fell victim to the LockerGoga ransomware attack. This led to the halt of certain production lines, requiring the company to resort to manual control in other instances. Employees were cautioned against using work computers and the internet.
Norsk Hydro responded promptly and efficiently to the incident, prioritizing clear and concise communication with employees and the media to avoid unnecessary panic. They set up an external website with crucial information about the incident. It's worth noting that the company regularly backed up essential files and had cybersecurity insurance, which facilitated their crisis management efforts.
Regardless, it was impossible to avoid the negative consequences of the attack. Norsk Hydro's stock value dropped by 3.4%, and global aluminum prices increased. The restoration of IT systems took several weeks, and it is estimated that the company incurred losses exceeding $40 million.
Paralysis of the U.S. fuel industry: Cyberattack on Colonial Pipeline
In May 2021, Colonial Pipeline, the largest operator of pipelines transmitting gasoline and aviation fuel in the United States, fell victim to DarkSide ransomware. Perpetrators gained access through an unused administrator account. After the attack, employees switched some IT systems to offline mode to protect the remaining equipment that had not been infected.
It quickly became apparent that hackers not only encrypted a significant portion of files essential for the company's operation but also stole about 100 GB of sensitive data. Fortunately, collaboration with the FBI allowed isolating the server with stolen contents, cutting off the cybercriminals' access. This helped mitigate the damage somewhat, but it was still substantial.
Colonial Pipeline decided to pay a ransom of $4.4 million to the hackers. The company's CEO admitted that such a decision caused significant discomfort but emphasized the priority of swiftly resuming the operation of the pipelines closed due to the attack.
The Colonial Pipeline disruption lasted six days. Delays in fuel deliveries caused panic among residents in the southeastern United States. People began stockpiling fuel, leading to shortages at numerous gas stations. The aviation industry also felt the impact, and in addition, gasoline prices noticeably increased.
High ransom for a meat industry company: Cyberattack on JBS Foods
In June 2021, hackers targeted JBS Foods, one of the largest meat suppliers in the United States. As a result of the incident, the company halted operations at all its American beef processing plants. Products from these facilities constituted one-fifth of meat supplies in the USA.
JBS decided to pay a ransom in bitcoin worth $11 million. The company emphasized that it had no other choice and wanted to resume operations as quickly as possible. They were aware that the experienced crisis would soon lead to price increases, impacting grocery stores, restaurants, and farmers.
A blow to the American food industry: Cyberattack on Dole
In February 2023, servers of the food corporation Dole, engaged in the production of fresh food, were breached. Due to a ransomware infection, the company had to temporarily close production facilities in North America and suspend the delivery of food products to many stores, resulting in substantial losses.
The company sought the assistance of external cybersecurity experts, collaborating with their own staff to swiftly address the issue and minimize negative consequences. Dole also informed law enforcement authorities and cooperated with them. Whether the criminals succeeded in stealing corporate data was not disclosed.
Problems in the German defense industry: Cyberattack on Rheinmetall AG
In April 2023, the IT infrastructure of the German defense and automotive conglomerate Rheinmetall AG, primarily known for producing Leopard and Panther tanks, fell victim to a cyberattack. Its subsidiary companies, including Kolbenschmidt, an engine manufacturer, were also affected.
While the cyberattack did not significantly harm the military operations of the conglomerate, which are associated with armored vehicle systems, weapons, and ammunition, it did negatively impact civilian entities responsible for producing components for industrial and automotive clients. This disruption caused a disturbance in the logistics chain.
It's worth noting that this incident wasn't the first involving Rheinmetall Automotive. In October 2019, malicious software infected the conglomerate's factories in the USA, Mexico, and Brazil, which were involved in producing automotive parts. The plants experienced a temporary halt in operations, and the company's stock prices saw a drastic decline.
How to ensure cybersecurity in the industrial sector?
To safeguard your company's cybersecurity, take advantage of a free IT security audit based on ISO 27001, TISAX, NIS 2 and COBIT standards. This audit will identify areas requiring immediate attention and assess compliance with regulations. Additionally, watch the free webinar recording on "Cybersecurity in the Industrial Sector." Regularly visit our blog, as well as our fan page or LinkedIn profile, where we share valuable information on cybersecurity.
Until next time!