H Ransomware 64ae9837e904f

What every manufacturing CEO needs to know about new ransomware tactics

July 12, 2023
"Utilities and critical-infrastructure firms must start seeing their own assets through the eyes of potential hackers."

We regularly read reports on the threat of ransomware attacks to the manufacturing and utilities industry. These threats are so significant that more than half of IT managers in the manufacturing sector are spending their time battling ransomware attacks. That’s a significant proportion of your IT resources diverted to fighting fires rather than focusing on business-critical priorities.

So how can firms break free from this grip that ransomware has on their operations and IT departments? They should be thinking like a ransomware attacker.

Utilities and critical-infrastructure firms must start seeing their own assets through the eyes of potential hackers. By adopting an adversarial perspective, IT leaders can proactively identify vulnerabilities and weaknesses that attackers might exploit. 

Nobody understands the operational side of your manufacturing industry better than you—but when it comes to security, business leaders must think less about operations and more about exploiting weaknesses. By assuming the role of an adversary, you’ll gain the upper hand in identifying vulnerabilities and weaknesses through attack-chain validations.

It's time to ask the hard questions: What in your infrastructure can be leveraged as a launchpad for a malicious campaign? Where could the most damage occur? Redirecting remediation efforts toward these focal points is key. But, of course, sometimes it’s difficult to even know where to begin. 

It all comes down to visibility

Inadequate visibility into operational technology environments is a major vulnerability. Firms can counter this by embracing a proactive approach to their security strategies. What does this mean in practice? Firms should be identifying, monitoring and protecting critical assets. Heightened visibility over these critical assets is a must. Combine this with comprehensive staff security training and you’ve got the foundation for a robust security defense. But it doesn’t end there.

Test, test, test

Regularly testing and assessing your firm’s network and infrastructure offers real-time insights into your security status. Firms should also be continuously monitoring their password and credential strength and policies. Do you know for certain that all your employees adhere to your credential policy? Are they sharing credentials? This kind of visibility is crucial—and once you have it, it needs to be put to the test.

It’s not enough to just test your defenses at a single point in time and hope that’ll be enough. Firms must employ multiple rounds of testing to find those hidden areas that attackers could exploit. In doing this, your firm is both staying one step ahead of the attacker and continually improving your security controls. 

When testing in this way, it’s recommended that firms use industry-standard frameworks—ensuring your testing strategy is in line with the most common attack types and techniques. 

Automated security validation

An emerging solution for manufacturing firms is automated security validation, which empowers security and IT teams to protect their entire attack surface. Automated security validation in this way mimics the behavior of an attacker, going beyond just vulnerability management and patching.

What we’re finding is that it’s no longer enough just to look for vulnerabilities and patch them (especially if those vulnerabilities might never actually be exploited because they’re not specific to your industry or firm). Firms need laser-precision insights on what exactly threatens their critical assets and systems—automated security validation provides this. Minimizing exposure to your IT-OT attack surface is the ultimate goal, and that’s where IT and cybersecurity resources should be focused.

By leveraging innovative and creative thinking—and by adopting the mindset of an attacker—the manufacturing industry can break free from the clutches of ransomware threats.

Stay ahead by thinking like an attacker, increasing visibility over your systems, and continuously putting those systems to the test. This, more than anything, is the key to protecting critical infrastructure systems and minimizing operational downtime. 

About the Author

Steve Whiter

Director at Appurity