Hackers have traditionally focused on computer software, resulting in the creation of many cyber security companies that promise protection for their office-based clients.
Those attacks are becoming more common, raising concerns about whether companies should step up their efforts to guard against them.
This is no small challenge. For companies with business technology - the computer systems used to control industrial enterprises - the risks of breach are plentiful, disruptions to machine processes could cause very serious problems.
For those involved in "critical infrastructure" - the dams, energy, oil and gas facilities required for the smooth running of society - the risks are more dramatic and may attract hacker that serve the national benefits of different states, and not just those that seek economic benefits.
"Our economy will disappear, our society will collapse - and these things are possible," said Sujeet Shenoi, a professor of computer science at Tulsa University who has been involved in many vital government projects. "There has never been a war in human history where vital infrastructure has not been attacked in any way."
80 percent of critical infrastructure at USA owned by private companies. "These companies are not prepared for [cyber attacks]. "You need some highly trained people to guide you," he said, noting that many former government experts are working in the field.
Historically, critical infrastructure and operational technology were kept separate from the computer networks commonly used at corporate headquarters. However, these worlds are now converging as obsolete analog systems become increasingly digitalized.
As with information systems, ransomware and malware can be used to infect "business technology" and critical infrastructure. The most high profile worm was the 2010 Stuxnet malware, which targeted its nuclear installations Iran. Activities of food company Mondelez and pharmaceutical company Merck disrupted by ransomware NotPetya the 2017.
Η Ukraine was recently attacked by power systems and earlier this year, the Norwegian aluminum manufacturer Norsk Hydro was forced to freeze its operations after falling victim to ransomware.
While the market for digital security providers offering support to these groups is smaller than the traditional IT security space, experts warn that businesses need to take action.
The moves may include evaluating corporate systems to ensure staff know which devices are connected to the network. Monitor and monitor these systems and develop a plan for the worst-case scenarios.
Above all, companies need to isolate the most critical systems to ensure that they can operate independently of them, says Pedro Abreu, head of strategy and strategy manager at Forescout, which processes the process “containing the explosion area ”.
"If there is an attack WannaCry"I want to be able to close this installation," he said, while the rest of the network will remain in operation, he says.
Each sector is equipped differently, experts say. Companies that have invested heavily in pockets such as oil have managed to shrink their investments to enhance their protection, as other companies such as the water sector are considered to be lagging behind.
In their favor, Michael Fabian, Synopsys chief consultant, notes that business technology systems are "very restrictive", which means that some experience is needed to they are shaken“. In comparison, always with those who provide services to consumers ", he says, citing examples such as Citibank, Target or Amazon.
Nevertheless, the functional ones technological systems have their own peculiarities. Firstly, testing them for vulnerabilities can be difficult because the systems are very sensitive or need to stop working to do so.
"There are extremely critical things we can't risk trying, but we do just that - we risk it - because we don't try," said Charles Henderson, global head of its hacking unit. IBM X-Force Red.
This means that e-security companies may need to test vulnerabilities to less reliable replication instead of an actual system.
And if a problem is not detected, it is more difficult to fix. “Their life cycles systems "These are extremely large," said Eric Cornelius, product manager at BlackBerry Cylance, a cybersecurity team.
In addition, even if digital security providers offer solutions, it may be many years before a system is updated. For example, many companies will opt to rebuild an offshore gas plant once it is fully operational, rather than upgrading to a larger one. costsays Mr Cornelius.