Cybersecurity has garnered a lot of attention as hacked political elections and take-downs of e-commerce sites fill the headlines. Global electronic manufacturers, though, are at greater risk than ever before and may be at the top of the hit list for many cyber-criminals, espionage and hacktivist groups looking for an opportunity to disrupt key business activities, steal intellectual property (IP) and achieve monetary, strategic and political gain.
“Recent reports about nation-state cyberattacks against U.S. utility control systems show that cybercriminals are intent on surreptitiously taking inventory of critical industrial assets and intellectual property to disrupt manufacturing business operations,” said Vikrant Gandhi, industry director at the analyst firm Frost and Sullivan.
This year, industrial manufacturing and technology companies experienced data breaches more often than almost any other business sector, according to the 2018 Cost of a Data Breach study from the Ponemon Institute and IBM. Only the financial services and services sectors had higher breach rates, the study found. Manufacturing is at the heart of business for most countries, making it a compelling sponsor for state sponsored attacks, Chris Morales, head of security analytics at security provider Vectra said.
By deploying security automation, organizations can reduce the cost of a breach, according to the Ponemon study. For organizations that fully deploy security automation, the average cost of a breach is $2.88 million. By comparison, those without automation take a bigger hit: $4.43 million. Extensive use of IoT, which is used in manufacturing, increases the cost of a breach by $5 per compromised record the report said.
In the past, manufacturing was not a sector that embraced technology. “At this moment, you are in the spot of information technology (IT) and operations technology (OT) convergence,” said Morales. “Even four to six years ago, you could have considered manufacturing an IT laggard. Today, the speed of adoption in manufacturing is so fast that it has become the number on adopter of internet of things and particularly industrial internet of things.”
Now, the manufacturing industry, with its rapid adoption of enterprise information technology, use of industrial IoT devices, and embracing of Industry 4.0 initiatives, are experiencing higher than normal rates of “cyberattack-related reconnaissance and lateral movement activity,” which in turn leads to attackers spying, stealing information, or spreading malware, according to the new 2018 Spotlight Report on Manufacturing report from Vectra.
“The interconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of industrial internet-of-things (IIoT) devices, has created a massive, attack surface for cybercriminals to exploit,” said Morales.
The report identified three types of activity that are surging in manufacturing:
- Malicious internal behaviors , an indicator that attackers have infiltrated the corporate network. “There is a massive amount of external remote access going into manufacturing networks,” Morales said. “Attackers can hide in a legitimate connection or create a seemingly legitimate connection.”
- Reconnaissance behaviors, which point to attackers mapping out manufacturing networks in order to identify critical assets. “In manufacturing, huge amounts of data are moved out of the network all the time, making real world data easy to get int eh netweork and move around the network,” Morales said.
- Lateral movement , indicating that attacks are proliferating inside the network. “There is twice the amount of lateral movement in manufacturing compared to what we normally see, affecting specifically machine to machine traffic, which is the bread and butter of the industrial internet,” Morales explained. “Once a hacker gets into the network, they can pivot and propagate across the network.”
Today, most organizations are under-informed security. According to the recently-released Accenture Cyber Threatscape Report 2018, 71% of organizations are still growing and expanding their knowledge of cyberattacks, hacktivist activities, cyber espionage, and other cyber threats. The same percentage of chief information security officers (CISOs) surveyed in the company’s 2018 State of Cyber Resilience Report released in April, said that cyber security is a “bit of a black box; we do not quite know how or when they will affect our organization.”
Manufacturing finds itself in a bind when it comes to implementing cyber security. “Adoption of technology on manufacturing production floors is faster than the IT team and security teams can keep with and understand what’s happening,” said Morales. Further, the aim of most supply chain applications is to share information readily—an effort that is directly in conflict with the goal of security applications. “Plant managers are telling me that they can’t implement really strict access controls,” Morales added. “They won’t do basics, like patching the machines, because they don’t want to take a chance that the patch will break the system. It creates a huge attack surface.”
Further, the close integration that makes the supply chain flourish increases risk. “This past year has demonstrated that attackers are increasingly going after the organization’s weak spot – their suppliers - as an easier way to get into an organization,” said Matan Or-El, Co-founder and CEO of Panorays. “While evaluating the security risk emanating from a supplier, it’s important to understand the business and technological relationship between the supplier and the organizations. These relationships will not only define the level of risk, but will also help in understanding how to mitigate risk.
Harder still, most organizations only have manual security audits in place. “Today, it’s a very manual process of sketching out the security posture of suppliers, usually by a questionnaire or survey with 40 to 800 questions,” Or-E said, adding that it might cover elements ranging from physical security to firewall set up and password complexity. “It can take five to six months to on-board a supplier.”
— Hailey Lynne McKeefry, Editor in Chief, EBN