
Six ways to steel your manufacturing enterprise against cyber-attacks

June 15, 2023

With a low downtime tolerance and lack of alignment between IT and OT security teams, manufacturing entities are a growing target for ransomware attacks. True or not, cybercriminals believe that manufacturing companies sacrifice security while placing more emphasis on safety, productivity and uptime.

According to the FBI's most recent Internet Crime Report, manufacturing was the second most prevalent critical-infrastructure sector to endure a ransomware attack. Ransomware, and other cyber-attacks, can lead to IP theft, data loss, downtime, and significant revenue loss; hence, it is vital to prepare for such attacks properly.

You already know this. But perhaps you don’t know the scope of ways to steel your enterprise against cyber-threats. Let’s explore six…

1. Identify the critical data you want to protect and conduct penetration tests to find vulnerabilities across the board.

It is important to take a preliminary assessment of one's cyber-hygiene, paying particular attention to whether the most vital data is protected. Manufacturing companies should consider backing up their important data in the cloud or elsewhere offsite. By doing so, in the event of a cyber-attack, you will be able to quickly restore any corrupted or missing data.

2. Instill a zero-trust mindset throughout your organization.

Embrace zero trust. Assume that every network-access request has originated from a nefarious source; every user on the network, including senior management, should be verified according to their identity, location and the health of their devices. In fact, users should only be able to access the applications, systems and tools necessary to do their specific tasks. Through the use of privileged-session monitoring and user-behavior analytics tools, you can keep all your internal communication encrypted, while also identifying anomalous activity and assessing the health of all the devices on the network.

3. Use machine learning to identify insider threats and anomalous behavior across the network.

Whenever possible, use ML tools that can help identify unusual employee activity on the corporate network. AI-based solutions create a baseline of normal activity; if there is a deviation from that baseline, an IT professional will be alerted. Similarly, AI tools can identify anomalous operating data as well. Manufacturing companies track a great deal of operating data, such as temperature, current, and voltage; ML-based tools trained on a normal operating baseline can effectively differentiate between a cyber-attack and normal fluctuations in operations.
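The baseline-and-deviation idea for operating data can be illustrated with a short added example (not from the article or any vendor product). It uses a simple statistical baseline (per-channel median and median absolute deviation) as a stand-in for the ML tooling described above; the sensor values, function names and threshold are constructed assumptions.

```python
from statistics import median

CHANNELS = ("temperature", "current", "voltage")

# Constructed sample data: (temperature C, current A, voltage V) from normal operation.
BASELINE = [
    (70.1, 12.0, 229.8), (70.4, 12.1, 230.2), (69.8, 11.9, 230.0),
    (70.0, 12.2, 229.9), (70.3, 12.0, 230.1), (69.9, 11.8, 230.3),
    (70.2, 12.1, 229.7), (70.5, 12.0, 230.0),
]
# Constructed live readings: two ordinary fluctuations, then two deviations.
LIVE = [
    (70.6, 12.1, 230.4), (70.0, 11.9, 229.6),
    (70.2, 15.5, 230.1), (78.0, 12.0, 230.0),
]

def fit_baseline(rows):
    """Learn a per-channel median and MAD (robust spread) from normal readings."""
    model = []
    for col in zip(*rows):
        med = median(col)
        mad = median([abs(x - med) for x in col])
        model.append((med, mad or 1e-9))  # guard against a perfectly flat channel
    return model

def score(model, reading):
    """Robust z-score per channel; 1.4826 scales MAD to a std-dev equivalent."""
    return [abs(x - med) / (1.4826 * mad) for x, (med, mad) in zip(reading, model)]

def anomalies(model, readings, threshold=6.0):
    """Return (index, channel, score) for every channel outside the baseline."""
    hits = []
    for i, reading in enumerate(readings):
        for name, s in zip(CHANNELS, score(model, reading)):
            if s > threshold:
                hits.append((i, name, round(s, 1)))
    return hits

if __name__ == "__main__":
    model = fit_baseline(BASELINE)
    for idx, channel, s in anomalies(model, LIVE):
        print(f"reading {idx}: {channel} deviates from baseline (score {s})")
```

The threshold trades missed deviations against alert noise, so it should be tuned against a period of known-good operation before alerts are routed to staff.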

4. Impose security requirements for your suppliers.

Manufacturing companies are at particular risk for global supply chain disruption. According to Business Insider India, supply chain attacks have been increasing over the past few years, and 40% of all manufacturing companies faced cyber-outages during the COVID pandemic. Given the importance of supply chain integrity in manufacturing, be sure to request that your vendors have appropriate security-compliance verifications, such as ISO/IEC 27001 or CyberEssentials Plus. Also, check your suppliers' security protocols to ensure that they are properly addressing their network security.

5. Use log-management tools to satisfy compliance requirements.

With shadow IT, hybrid work, and the use of low/no-code tools on the rise, it's important to understand what data is being collected across your network and for what purposes. Global security-compliance requirements, such as GDPR and ISO/IEC 27001, require organizations to maintain reports of their internal processes. This makes it important to monitor employee data, financial transactions, and all the logs across the network. An effective log-management tool can collect logs from both IT and OT infrastructure. Be sure that your solution collects from servers, devices, end users' devices, and any applicable intrusion-prevention systems. Also, if there is an attack on the network, it's important to have an effective incident-management console to remediate the threat adequately.

6. Have an incident-response plan and a disaster-recovery policy in place.

In the event of an effective attack, it's imperative to have an incident-response plan, a disaster-recovery policy, a data-backup recovery plan, and specific rules regarding internal and external reporting. Under the forthcoming NIS 2.0 directive, the European Union has mandated stricter incident-reporting requirements. Among other things, organizations will have 24 hours to report cyber-attacks once the organization is cognizant of the attack. This will help improve consumer protection and prompt increased transparency and accountability among organizations in the event of cyber-attacks.

As manufacturing processes have become increasingly digitized, the attack surface has expanded. It's vital to have adequate tools in place to protect plant equipment, sensitive business data, and all endpoints. Likewise, it is important to manage all privileged access to your critical equipment, data and applications. Also, by monitoring thousands of devices in real time, you can ensure that your manufacturing systems stay up and running.

Lastly, cyber-hygiene isn't a one-time issue. Be sure to continuously assess your security hygiene, conduct penetration tests, and confirm that you always have access to backup data.  

About the Author

Rajesh Ganesan

President at ManageEngine