Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts. This digital transformation of the factory floor has accelerated the connection of machinery to digital systems and data. Computer systems for managing and monitoring digital systems and data have been added to the hardware and software used for managing and monitoring industrial devices and machines, connecting OT to IT.
Such connectivity enhances productivity, reduces operational costs and speeds up processes. However, this convergence has also increased organizations’ security risk, making manufacturers more susceptible to attacks. In fact, in 2022 alone, there were 2,337 security breaches of manufacturing systems, 338 with confirmed data disclosure (Verizon, 2022 DBIR Report).
Ransomware: A Growing Threat for Manufacturers
The nature of attacks has also changed. In the past, attackers may have been espionage-driven, targeting manufacturing companies to steal Intellectual Property (IP) and secrets. Today, however, ransomware attacks and attacks involving stolen credentials are far more prevalent.
In 2022, manufacturing was the most targeted sector for ransomware attacks, seeing an 87% increase in ransomware attacks from the previous year. This is due to manufacturing’s aversion to downtime. Or as Verizon put it in their 2022 Data Breach Industry Report, manufacturing is “an industry where availability equals productivity.”
Despite understanding the risk, many manufacturing companies are not yet prepared to handle an attack. According to Security Scorecard, 48%, nearly half, of the manufacturing companies reviewed scored a C, D, or F in security. This comes at a high price: the average cost of a critical infrastructure data breach is $4.82 million, according to IBM’s “Cost of a Data Breach” report.
Recent high-profile incidents such as the ransomware attack on Dole Company, one of the world’s largest producers of fruit and vegetables, have shown how crippling these attacks can be. The company was forced to temporarily shut down its North American production facilities.
In August, two Luxembourg-based companies were attacked with ransomware. The attackers took down customer portals and exfiltrated data from systems. And of course, the infamous Colonial Pipeline incident, the poster child of cyber attacks on critical infrastructure. These are just a few examples, and there are many more.
What can manufacturers do to protect themselves?
5 Steps Manufacturers Can Take Today to Reduce Exposure of the Attack Surface
Reducing the risk of cyber attacks is essential for ensuring the plant floor continues operating, uninterrupted. Here are five steps manufacturers like you can take to reduce cybersecurity risk:
1 — Test Again and Again
Regularly testing and assessing your organization’s network and infrastructure provides you with real-time visibility into your security posture. By testing and then testing again (and again) you will be able to identify real vulnerabilities that can be exploited by attackers. You will also be able to evaluate the effectiveness of your security controls and identify areas for improvement so you can adjust your security program and stack. This will also give you a competitive edge, since by preventing attacks you can ensure you are always productive and proactively eliminate operational downtime.
Use industry-standard frameworks like MITRE ATT&CK and OWASP to ensure you are testing for the most prevalent attack types and techniques.
2 — Automate Your Security Processes
Automation allows for optimal use of time and resources. Such efficiency helps streamline your efforts and reduce the time and effort required for identifying and responding to security threats. Therefore, it is recommended to automate the security measures you take. For example, automate the testing of your network.
Automation also creates standardization, consistency and accuracy, to prevent errors. As a result, you will be able to scale and increase the scope of your security practices, in a cost-effective manner. In addition, automated systems are often easy to use, enabling control at the click of a button. This enables any user to surface risk easily, by letting the platform do the work. When choosing your automation tools and platforms, make sure the program is safe by design. Implement a solution that does not incur downtime and can be relied on.
3 — Take the Adversarial Perspective
While no one thinks ‘like a manufacturer’ better than you, when it comes to security, it’s time to put your ‘attacker hat’ on. Hackers are looking for any way to exploit your network, and they’re not waiting for a playbook to do it. Try to think out-of-the-box and to apply different perspectives and analysis methods. Thinking like a hacker is the best offense you can take.
By taking the adversarial perspective, you can proactively identify vulnerabilities and weaknesses through attack chain validations and mitigate them before they are exploited. In the long-term, thinking like an attacker can help you develop better security strategies, to minimize the chance of an attack or the blast radius of one in case it occurs.
4 — Prioritize Patching Based On Actual Risk
Prioritization of vulnerability remediation based on business impact is the most cost-effective way to mitigate the risk and reduce exposure to a cyber attack.. Start with patching critical vulnerabilities and threats, based on evidence-based testing, that could have the greatest impact on your business operations. Don’t hypothesize, examine your tests to see which security gaps create “kill-chains” with true impact for you, and proceed to remediate them first .
Prioritization also helps get rid of the “noise” caused by too many security alerts. Even small companies have an unmanageable amount of alerts from security tools they need to sort out.
5 — Benchmark Your Security Posture
By continuously testing your attack surface at regular, frequent intervals, you can continuously benchmark your security posture. This helps increase security in a number of ways:
- Measure the effectiveness of your security measures compared to industry standards and best practices.
- Show areas of improvement that are the result of successful remediation.
- Demonstrate compliance with industry regulations and standards.
- Gain valuable insights into your security posture and strategy so you can make more informed decisions.
How Automated Security Validation Helps Manufacturers
An Automated Security Validation program provides context and accuracy when validating an organization’s attack surface. With minimal set up, requiring no agents or pre-installations, security and IT teams at manufacturing companies can safely challenge their complete attack surface to pinpoint the most damaging security gaps – just like a real-life attacker would. This significantly enables teams to scale security efforts and minimize exposure on the IT-OT attack surface.
Every company has some level of tech debt. Unless you’re a brand new start-up, you most likely have a patchwork of solutions that have been implemented throughout the years, often under various leadership teams with different priorities and goals. As those technologies age, they can leave your organization vulnerable to cyber threats. While replacing legacy...
LOLBAS (Living Off the Land Binaries And Scripts) is an attack method that uses binaries and scripts that are already part of the system for malicious purposes. This makes it hard for security teams to distinguish between legitimate and malicious activities, since they are all performed by trusted system utilities. Since LOLBAS are one of...
The rapid pace of technological advancements constantly create new attack vectors and attack surfaces. Consequently, it is critical to constantly stay up-to-date on new changes, in addition to revisiting older technologies and previously identified attack surfaces to ensure that proper security protocols were put in place. As part of Pentera Labs’ mission, we aim to...