With the Internet of Things comes possible increases in efficiency, but also more vulnerabilities. Conversely, older systems can’t always defend against today’s digital attacks.
Most manufacturers used outdated operating systems, TrendMicro found in a survey of its customers. Among TrendMicro’s customers who attached onto their proprietary infrastructure, the company found that the majority run on Windows XP, which was rolled out in 2001 and is no longer supported. There are some good reasons for businesses to use it: Windows XP is robust, easy to use, and doesn’t get in its own way as much as its successors. If companies don’t want to go through the trouble overhauling their operating system and potentially retraining workers and clients, they could do worse than Windows XP. Additionally, newer operating systems have had less time to trickle down through the industry, making it statistically more likely that older systems will be in use.
Robert Hannigan of BlueVoyant points out in a post for manufacturing.net that 2017 was a turning point for C-suite executives in manufacturing. This was when they saw that ransomware attacks like Wannacry and NotPetya hit businesses hard, even if manufacturers specifically weren’t affected. It takes a long time to turn the ship.
TrendMicro found that among the companies they studied, “Zero-day vulnerabilities purchased in human-machine interfaces (HMIs) of industrial control systems increased by more than 200 percent in 2018 compared to the previous year.”
Older operational technology often does not receive patches to defend against new attacks because it is not considered a critical part of patch rollout, according to TrendMicro. In order to prevent attacks, TrendMicro recommends basic cybersecurity protections such as restricting user access and disabling directory listings, and identifying and prioritizing key assets.
“The engineer’s instinct—to keep things running and not to tamper with something that is working—does not hold good for IT security, where running a process on unpatched or outdated operating systems and software opens up huge risks.” said Hannigan.