• Orange has found manufacturers and small- and medium-sized enterprises (SMEs) to be particularly vulnerable to cyberattacks
• In a hacking demo, the company showed how easy it can be to take over control of an industrial robot
• Security incidents in 2022 have been rising at a slower pace than in 2021, according to the operator’s latest Security Navigator report

Most cyberattacks in the past year were targeted at manufacturers and small businesses, with a significant rise in those hit by malware attacks, according to Orange’s Security Navigator 2023 report.

Of the operator’s security services division, Orange Cyberdefense (OCD), customer base, the manufacturing sector saw the highest percentage of all incidents, followed by retail and professional services. These sectors were found to struggle with internal threat problems, with manufacturing again topping the chart.

At an event held in France last week to present these findings, the company demonstrated a simulation of an attack that targeted a robotic arm which, as a result of the hack, was misplacing small cubes instead of organising them into a tray. Marie Forrat, head of operational technology (OT) for cybersecurity at OCD, explained that using an attack on the supervisory control and data acquisition (SCADA) – a category of software applications used for controlling industrial processes, which is connected to a controller that operates the robot – she was able to change the parameters and create physical damage in the use case, adding that this would be much more serious in a scenario where industrial objects weigh several tonnes.

In another showcase, she demonstrated how a hacker attack can compromise systems that manage heating and lighting at a reproduced manufacturing site.

The CEO of OCD, Hugues Foulon, noted that the manufacturing sector experiences the greatest number of cyber attacks but noted also that SMEs are particularly vulnerable to cyberthreats, especially malware incidents.

And while in 2022 the overall number of cyberattacks has grown by 5% year on year, the trend is still “encouraging” as the rate of the attacks is slowing down compared with 2021, when it rose by 13% year on year.

In total, OCD recorded 99,506 potential cyber threats to its customers, of which 29,291 were confirmed by the company: This equates to more than one security incident per day per organisation, according to the statistics included in the Security Navigator report.

Foulon pointed out that the company hasn’t noted a boom in cyberattacks in the wake of the conflict between Russia and Ukraine. It has identified, though, a geographic shift in the regions recording the most attacks from North America and Europe to east Asia and south-east Asia. These regions have increasingly been affected by cyber extortion – the act of cybercriminals demanding payment through a threat in the form of malicious activity against a victim, such as a data compromise or denial-of-service attack. The number of attacks has risen by 30% and 33% respectively in the past six months. During the same period, such attacks have decreased by more than 30% in the UK and the US, and by 20% in Europe.

In another finding, Orange group CEO, Christel Heydemann (pictured above), noted that nearly half of security incidents discovered by Orange in the past year were due to human error, whether accidentally (such as clicking on a malign link) or on purpose. This is why, she noted, the company is putting “humans at the heart of the development of Orange Cyberdefense” and why it is focused on raising awareness on the risks of cyber threats.

Boosting its presence in the world of cyber defence services is a cornerstone to Orange’s growth efforts - see Orange puts cybersecurity at the heart of its growth plans.

- Yanitsa Boyadzhieva, Deputy Editor, TelecomTV