Industrial Cybersecurity on the Rise: How Generic Malware Threatens All Sectors

Until recently, industrial organizations seemed largely immune to cyberbreaches. Early coverage of IIoT security focused on a handful of high‑profile incidents: the 2010 Stuxnet attack on Iranian centrifuges, a 2014 breach that damaged an unnamed German steel plant, and the 2015 Ukrainian power grid hack that left roughly 230,000 people without electricity.

Since around 2015, however, the frequency of such attacks has climbed, targeting a widening array of firms. “We’re seeing the industrial threat landscape shift from critical infrastructure to a broader, industry‑wide problem across the entire IIoT market,” says Yoni Shohet, co‑founder and vice‑president of business development at SCADAfence.

[Internet of Things World is where industrial enterprises find IoT innovation. Book your conference pass and save $350, get a free expo pass or see the IIoT speakers at the event.]

Concrete evidence supports this trend. In 2017, the NotPetya ransomware, which cost the U.S. food giant Mondelez (makers of Oreos and Cadbury) $100 million in damages, was denied coverage by Zurich Insurance Group—a case that led to a lawsuit. The same malware devastated Merck, costing the pharmaceutical company hundreds of millions in lost sales, as reported in its 2017 annual report. That year, WannaCry crippled a Honda facility in Saitama Prefecture and halted production at several Renault‑Nissan plants. In 2018, researchers uncovered Triton (also known as Trisis), malware designed to override emergency shutdown systems in an unnamed Middle‑Eastern facility.

The fact that commodity malware like WannaCry, Petya and NotPetya struck multiple industrial and enterprise companies demonstrates that firms can suffer devastating attacks without being specifically targeted. “You can just have the wrong connected device at the wrong location,” Shohet explains.

A key issue is the slow‑moving nature of many industrial environments. Unlike consumer technology, where devices are often replaced every few years, industrial systems can remain in operation for decades. This longevity means that control computers frequently run outdated operating systems such as Windows XP or Windows Server 2003, and legacy programmable logic controllers are still in use. Although “air‑gapping” can theoretically mitigate risk, maintaining a true air‑gap over time is challenging.

Consequently, an increasing number of industrial companies are recognizing the financial stakes—potentially millions of dollars in damages or broader destruction. Cybersecurity is no longer an afterthought; it is now integral to corporate strategy. A 2019 World Economic Forum study ranked cybersecurity as the fifth highest business risk by likelihood, with data theft and fraud fourth. In short‑term risk rankings, cyberattacks were the fourth highest for data or monetary loss and fifth for operational disruption.

Investment in cybersecurity is growing. Gartner projects global information security spending to reach $124 billion this year. In the industrial sector, the initial focus on oil, gas and utilities is giving way to a broader push across all sectors to beef up security budgets.

As technology adoption accelerates, continuous investment in cybersecurity will become indispensable. While AI offers tools to automate endpoint protection, it also equips adversaries to identify vulnerabilities and conceal malware. IBM research, for example, demonstrated the possibility of embedding WannaCry within a video‑conferencing program, activating it only when a camera detects a target. These developments, coupled with the rising threat to industrial and critical infrastructure, underscore the need for vigilant, proactive security postures.