Today’s manufacturing industry is straddling a line between traditional, legacy operations and modern times. While manufacturing facilities across the nation are more internet-connected than ever, the cybersecurity practices at most have lagged – putting the industry at great risk. Manufacturers today outfit their operational equipment, machines and assembly lines with a wide array of internet-enabled sensors connected to wireless networks. The vast volumes of data churned out from these sensors enable manufacturers to monitor equipment in real time, improve processes, increase productivity and create efficiencies. But the cybersecurity implications are too often an afterthought.
The increasing use of internet-connected equipment and processes at manufacturing facilities expands the attack surface, providing more potential entry points for cybercriminals to infiltrate an organization and spread ransomware throughout its network. Cybercriminal groups recognize this and have been increasingly targeting manufacturers because they know that shutting down critical industries creates widespread pain, which increases the pressure for organizations to pay the ransom in order to get their operations running again. The attack on JBS food manufacturing, which shut down the processing plants that provide almost a quarter of the country’s beef supply, showcased the dire consequences that can result from ransomware attacks.
As the use of connected devices and digital processes increases in manufacturing, so do the cybersecurity risks. Unfortunately, many manufacturers have fallen behind when it comes to adopting the cybersecurity best practices – or even the fundamentals – that are necessary to protect themselves from the growing ransomware threat. In the case of the Colonial Pipeline attack, the hackers were able to penetrate the organization’s network because it failed to require basic multifactor authentication (MFA) on a user account.
With cybercriminal groups around the globe training their eyes on the industry, manufacturers must work to quickly strengthen their cybersecurity practices to prevent themselves from becoming the next ransomware victim. Here are the steps to take:
- Conduct a Comprehensive Audit – You can’t protect what you don’t know is there. Many organizations are not aware of their full environment including all devices, applications and legacy systems that may be running. Begin by conducting a comprehensive audit of the entire environment to not only identify devices, applications and systems, but also to understand how they are structured and connected. Are systems segmented? Are manufacturing equipment and other operational technologies at risk if a user’s machine becomes infected? Are there any legacy systems running that no longer receive updates and patches? Is there unprotected remote access to these systems? Are there inactive user accounts or permissions that should be changed? Gaining visibility over your full environment enables you to make better decisions about what protections should be put in place.
- Examine Third-Party Partners – Don’t stop at your own environment; look at your supply chain partners and their practices as well. Know what automated connections you have to third-party partners and inquire about their cybersecurity policies. The recent SolarWinds attack affected more than 18,000 organizations by spreading through a trusted supply chain partner and its customer base.
- Consider the Cloud – Though cloud adoption is not as prevalent in manufacturing as it is in other industries, if there are any cloud services being used anywhere in the organization, make sure you have proper controls in place. Ask yourself: are you controlling what users can do with company data in the cloud? Are you securing the cloud to the same standard as your on-premises systems? Are your backups protected against malicious deletion?
- Create a Roadmap – Once you have a full accounting of your environment, your partners’ environments and the cloud, it’s time to create a roadmap. Consider all the gaps, vulnerabilities and potential risks you identified, map out the actions that need to take place and assign ownership. Make sure they’re properly resourced, track progress and measure the results. You can leverage industry frameworks such as the NIST Cybersecurity Framework and the Cybersecurity Maturity Model Certification to help ensure that you have a security maturity framework to follow. The latter was developed for the defense industry, but the model can be applied to any sector.
- Communicate with the C-Suite – Perhaps the most important element of any organization’s cybersecurity program is communication with the C-Suite and Board of Directors. Many manufacturing organizations are not prepared for today’s cybersecurity threats simply because their leaders do not realize the risk they face. It’s vital that cybersecurity professionals effectively explain the level of risk and how an attack would impact the organization, its customers and its finances. This is critical for gaining executive support and obtaining the resources necessary to strengthen the cybersecurity practice.
- Maintain – Once you have the cybersecurity fundamentals in place, you must consider how you will maintain those levels of control over the long term. Many organizations simply do not have the resources in-house to maintain 24x7 coverage. This is where turning to a trusted partner like a managed security service provider (MSSP) can help. With a dedicated and skilled security team in your corner, you can maintain around-the-clock coverage and faster responses to threats. If needed, an MSSP can also assist with the up-front work of auditing your environment, as well as mapping out and implementing your roadmap so you can achieve your goals faster.
The time and effort required for many manufacturers to modernize their cybersecurity practices may seem daunting at first glance, but the cost of inaction is greater. A single ransomware attack can cause millions in damage, from the cost of shuttered operations to the ransom payment, to the reputational damage done to the organization. With the proper planning, manufacturers can strengthen their cybersecurity posture and prevent themselves from being the next headline.