Author : Tronserve | Monday, 29 April 2019
Gone are the days when cyberattacks were a passing obstacle for technology manufacturing companies. As smart machines switch out legacy equipment, the amount of cyberattacks is fast-growing, growing the risk of production slowdowns, product defects, and lower productivity.
Hackers know that many manufacturers, especially those that have 24/7 production lines or operate in a just-in-time manufacturing environment, are not able to suffer a lengthy disruption without adverse business effects. This vulnerability has resulted in a sharp increase in ransomware attacks that use malicious software to hold a system hostage until a ransom is paid. Essentially, it’s a style of felony.
The Chubb Cyber Index implies that ransomware assaults against manufacturers exceed similar attacks against all other industry segments, including healthcare—a traditional target. Hackers believe that a hospital is more liable to pay a ransom in order to restore operations for patient safety, and they count on manufacturers doing the same to keep the factory humming.
In a similar way, Verizon’s 2018 Data Breach Industry Report, which cites cyber espionage as an ever growing risk, reflected that data breaches affecting manufacturers had also increased. As well as extorting a ransom, hackers are also increasingly interested in finding a company’s research and development data, proprietary product blueprints, and intellectual property to sell on the Dark Web.
Upsides and Downsides
The advanced threat of a cyberattack puts technology manufacturers in a new and difficult position: a previously low-risk industry now has a high-risk profile. This is basically because of the industry’s embrace of the Industrial Internet of Things (IIoT)—the internet-enabled connections between operational technology (OT) and information technology (IT).
Profiting smart machines, technology manufacturers can make good quality products, maximize productivity and obtain real-time insights into the supply chain to shift production where needed. These and other benefits are attainable thanks to sensor-produced machine data that travels from OT systems to IT systems where the data is examined for business purposes. While these sensors can deliver great benefits to the manufacturer, in addition, they offer a new avenue for hackers to exploit, providing a new opportunity for the data to be stolen or compromised.
Regardless the very serious risks posed, the advantages of the IIoT have made it an integral part of productive methods of production and its use will stay to increase. As a result, technology manufacturers must strengthen the connections between their OT systems and IT systems to decrease unauthorized network intrusions. But how?
The 1st step in this process is to conduct a tech audit of the IT and OT systems to determine which assets are attached to the network. For one, it's not uncommon to find an old printer connected to the network. In past times, having a random printer on the network wasn’t much of cyber risk, but now that the IT and OT systems may also be on that same network, a hacker can potentially penetrate the printer’s antiquated operating system to gain entry onto the network and into the OT systems.
An audit will ferret out proof of unauthorized wireless local area networks within the plant’s perimeter and propinquity. It’s advisable for audits to adhere to the cybersecurity standards, guidelines and best practices of a certified framework, like the one provided by the National Institutes of Standards and Technology (NIST).
Segment the Network
Start thinking about an office building with a locked front door but a number of rooms with unlocked doors inside it. Just after a burglar gets through the first door, he has access to the rest of the building. Network segmentation locks all the doors, and only those with keys can gain access to different sections of the network. When defenses against unauthorized network access are implemented, more sensitive data can be segmented behind other “doors” that are locked with higher levels of security.
Hiring a third-party penetration testing firm is an extra smart tactic. They employ technicians who will try to defeat security methods and hack into the network. The lessons learned from these exercises can be used to further bolster safety measures.
Keep in mind, vendors add value to a business, but they will also put it at increased risk. Leverage software and other due diligence methods to remove and pre-qualify third- and fourth-party vendors well before they even enter the business ecosystem.
Ultimately, it’s incumbent upon all companies to teach and educate their employees to detect and report evidence of a phishing attack or other forms of destructive programming, given the role that social engineering plays in hackers’ strategies. Some manufacturers also perform mock phishing attacks to discover certain vulnerabilities and perk up their training programs—a smart tactic, given that the Chubb Cyber Index notes that more than 30 percent of cyber claims in 2018 involved phishing attacks.
This article is originally posted on manufacturing.net