March 31, 2022
For decades, the main security issues manufacturers grappled with involved things like vandalism, on-site theft and physical supply chain disruption. Then the Internet came along, digital technology became more sophisticated, manufacturing processes went online via the IIoT (industrial internet of things) and suddenly bad actors had several other potential avenues of attack from which to choose: remote processes and robots, to name a couple.
The Covid-19 pandemic has only made things worse
According to a Dec. 2021 report from the Cybersecurity and Infrastructure Security Agency (CISA), “The Critical Manufacturing Sector is at risk from increased cyber-attack surface areas and limited cybersecurity workforces related to the COVID-19 pandemic. These trends increase the vulnerability of the Critical Manufacturing Sector to the growing number of ransomware attacks aimed at private businesses by increasing attack surfaces and reducing protective abilities.”
Ransomware is the scourge of companies in nearly every industry. In 2021, the average ransomware demand was $500,000. For bigger companies, that’s a fraction of what a shutdown would cost, so some of them just pay it and move on. For most SMBs, however, that would be a crushing and possibly catastrophic blow.
In the manufacturing realm, where ransomware has become an especially acute problem and attacks were up 156 percent quarter-over-quarter in Q1 of 2020 (the steepest rise of any industry), criminals “target systems lacking the inherent security controls required to protect themselves,” the CISA report states. “The result can be catastrophic production loss and downtime as well as lost revenues and penalties for production delays.”
If mitigation efforts aren’t ramped up considerably, experts have said, the situation will only grow more dire. Using information obtained through common tactics like identity theft, phishing, spam, fake web pages and social engineering, attackers could re-program equipment to produce sub-par products. Entire plants could be shut down and supply chains disrupted indefinitely.
Manufacturing processes are largely automated these days, Security Magazine explained. “Supervisory control data acquisition (SCADA) systems communicate with industrial control systems to provide manufacturers with real-time data and operations analysis. Together, these systems gather data and manage processes remotely. A hack might cause massive disruptions to the manufacturing process and employee safety.”
Lots of other sensitive information might be compromised, too, the article points out: things like databases containing trade secrets, customer lists and employee data. Without firewalls and malware protection, they’re all proverbial sitting ducks.
Out-of-Sync IT and OT
Another manufacturing security gap stems from out-of-sync IT and OT (operational technologies). The two are increasingly merged for the sake of operational efficiency and improved customer service via real-time data that helps to minimize downtime by predicting when equipment needs maintenance before it falters or breaks. But as Deloitte noted in a 2019 study, it’s a complicated marriage.
“There are a number of areas where people, process, and technology overlap between the IT and OT ecosystems―areas where respective strategies need to be in sync. The reality of these technologies and how they are used, however, is often markedly different. OT system–related investment decisions are often made on the factory floor by leaders within operations, with less involvement from corporate IT and security departments. This can lead to a myriad of different technologies, often with different security control capabilities, that will likely need to be integrated to and then managed using existing IT network infrastructures.”
So what can be done to stem the tide of cyberattacks?
Because make no mistake, there’s no stopping them altogether. The best manufacturers can aim for (and ideally achieve) is a set of security protocols built on a holistic approach that, per Deloitte, “extends across the enterprise (IT and OT) to identify, protect, respond to, and recover from cyberattacks.” Nearly everything is interconnected these days, whether within a single plant or between countries, and security methods must take that into account.
In a late-2021 article detailing “strategic shifts in the security ecosystem,” Gartner listed a host of mitigation methods that all apply to the manufacturing sector. Among them are cybersecurity mesh (“a modern conceptual approach to security architecture that enables the distributed enterprise to deploy and extend security where it’s most needed”), identity-first security, security-savvy boards of directors and privacy-enhancing computation.
When it comes to manufacturing security specifically, Securityintelligence.com suggests the following best practices:
- Leverage the C-suite to clarify the roles and responsibilities of both IT and OT teams. They can then use pilot programs and cultural exchanges to slowly begin fostering teamwork between IT and OT. Plus, they can teach teams to share their challenges, needs and viewpoints with one another.
- Augment defenses of your entire system by:
  1. Taking inventory of all of your devices. Use that to determine which assets are most important.
  2. Segmenting your network in a way that cuts down on risk — to legacy systems most of all — but still allows IT and OT to work together. These segments then give teams smaller sections within which they can implement network access controls along with network monitoring in order to defend against ransomware, phishing and other digital threats.
  3. Using vulnerability management to patch all of the security weaknesses you can without taking key industrial assets offline.
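
The inventory, segmentation and monitoring steps in the list above can be combined into one audit. The sketch below is an added example, not code from the article or from Securityintelligence.com: it checks observed network flows against a list of permitted cross-segment conduits and ranks findings by the criticality of the destination asset. All device names, addresses, zone names, subnets and the conduit list are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Step 1, inventory (constructed sample): criticality 1 (low) to 5 (key industrial asset).
INVENTORY = {
    "10.10.1.20": ("erp-server", 3),
    "10.20.1.5": ("historian", 4),
    "10.30.1.10": ("scada-hmi", 5),
    "10.30.2.17": ("legacy-plc-7", 5),
}
# Step 2, segments (assumed zone names and subnets).
ZONES = {"it": ip_network("10.10.0.0/16"), "dmz": ip_network("10.20.0.0/16"),
         "ot": ip_network("10.30.0.0/16")}
# Permitted cross-zone conduits: IT and OT meet only at the DMZ historian.
ALLOWED = {("it", "dmz", 443), ("ot", "dmz", 443)}
# Observed flows (constructed): source, destination, destination port.
FLOWS = [
    ("10.10.1.20", "10.20.1.5", 443),    # IT -> DMZ, permitted
    ("10.30.1.10", "10.20.1.5", 443),    # OT -> DMZ, permitted
    ("10.10.1.20", "10.30.2.17", 502),   # IT straight to a PLC (Modbus/TCP port)
    ("10.30.1.10", "10.30.2.17", 502),   # inside the OT segment
    ("10.10.9.99", "10.30.1.10", 3389),  # unknown IT host to the HMI (RDP port)
]

def zone_of(ip):
    """Return the name of the segment containing ip, or None."""
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def audit_flows(flows):
    """Flag flows that cross segments without a conduit or involve uninventoried hosts."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        reasons = [f"{role} not in inventory"
                   for role, ip in (("source", src), ("destination", dst))
                   if ip not in INVENTORY]
        if src_zone != dst_zone and (src_zone, dst_zone, port) not in ALLOWED:
            reasons.append(f"no conduit {src_zone}->{dst_zone}:{port}")
        if reasons:
            criticality = INVENTORY.get(dst, ("unknown", 0))[1]
            findings.append({"src": src, "dst": dst, "port": port,
                             "criticality": criticality, "reasons": reasons})
    # Most important destination assets first, so triage starts there.
    return sorted(findings, key=lambda f: -f["criticality"])

if __name__ == "__main__":
    for finding in audit_flows(FLOWS):
        print(finding)
```

The same conduit list can serve as the starting point for firewall rules between segments, so the policy that is audited is also the policy that is enforced.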
While cyber attacks will continue to become more aggressive in nature and greater in number, manufacturers of all sizes have the ability to implement effective protective measures that significantly lower their security risk—to be proactive instead of reactive. Because once the damage is done, it’s hard if not impossible to undo.
As Laurance Dine, global lead of incident response for IBM Security X-Force, recently put it in a story by CSO Online, “Cybercriminals are becoming increasingly more resilient, resourceful, and stealthy in their pursuit of businesses’ critical data — so where businesses keep their data matters more than ever.” He added, “It’s paramount they modernize their infrastructure to better manage, secure, and control the ‘who, what and why’ of accessing their data.”
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.