The Top Cybersecurity Best Practices for Manufacturing Companies To Follow During the Height of Ransomware

Today’s manufacturing industry is straddling a line between traditional, legacy operations and modern times. While manufacturing facilities across the nation are more internet-connected than ever, the cybersecurity practices at most have lagged – putting the industry at great risk. Manufacturers today outfit their operational equipment, machines and assembly lines with a wide array of internet-enabled sensors connected to wireless networks. The vast volumes of data churned out from these sensors enable manufacturers to monitor equipment in real time, improve processes, increase productivity and create efficiencies. But the cybersecurity implications are too often an afterthought.  

The increasing use of internet-connected equipment and processes at manufacturing facilities expands the attack surface, providing more potential entry points for cybercriminals to infiltrate an organization and spread ransomware throughout its network. Cybercriminal groups recognize this and have been increasingly targeting manufacturers because they know that shutting down critical industries creates widespread pain, which increases the pressure for organizations to pay the ransom in order to get their operations running again. The attack on JBS food manufacturing, which shut down the processing plants that provide almost a quarter of the country’s beef supply, showcased the dire consequences that can result from ransomware attacks.  

As the use of connected devices and digital processes increases in manufacturing, so do the cybersecurity risks. Unfortunately, many manufacturers have fallen behind when it comes to adopting the cybersecurity best practices – or even the fundamentals – that are necessary to protect themselves from the growing ransomware threat. In the case of the Colonial Pipeline attack, the hackers were able to penetrate the organization’s network because it failed to require basic multifactor authentication (MFA) on a user account.

With cybercriminal groups around the globe training their eyes on the industry, manufacturers must work to quickly strengthen their cybersecurity practices to prevent themselves from becoming the next ransomware victim. Here are the steps to take:    

  1. Conduct a Comprehensive Audit – You can’t protect what you don’t know is there. Many organizations are not aware of their full environment including all devices, applications and legacy systems that may be running. Begin by conducting a comprehensive audit of the entire environment to not only identify devices, applications and systems, but also to understand how they are structured and connected. Are systems segmented? Are manufacturing equipment and other operational technologies at risk if a user’s machine becomes infected? Are there any legacy systems running that no longer receive updates and patches? Is there unprotected remote access to these systems? Are there inactive user accounts or permissions that should be changed? Gaining visibility over your full environment enables you to make better decisions about what protections should be put in place.  
  2. Examine Third-Party Partners – Don’t stop at your own environment; look at your supply chain partners and their practices as well. Know what automated connections you have to third-party partners and inquire about their cybersecurity policies. The recent SolarWinds attack affected more than 18,000 organizations by spreading through a trusted supply chain partner and its customer base.  
  3. Consider the Cloud – Though cloud adoption is not as prevalent in manufacturing as it is in other industries, if there are any cloud services being used anywhere in the organization, make sure you have proper controls in place. Ask yourself: are you controlling what users can do with company data in the cloud? Are you securing the cloud to the same standard as your on-premises systems? Are your backups protected against malicious deletion? 
  4. Create a Roadmap – Once you have a full accounting of your environment, your partners’ environments and the cloud, it’s time to create a roadmap. Consider all the gaps, vulnerabilities and potential risks you identified, map out the actions that need to take place and assign ownership. Make sure they’re properly resourced, track progress and measure the results. You can leverage industry frameworks such as the NIST Cybersecurity Framework and the Cybersecurity Maturity Model Certification to help ensure that you have a security maturity framework to follow. The latter was developed for the defense industry, but the model can be applied to any sector.
  5. Communicate with the C-Suite – Perhaps the most important element of any organization’s cybersecurity program is communication with the C-Suite and Board of Directors. Many manufacturing organizations are not prepared for today’s cybersecurity threats simply because their leaders do not realize the risk they face. It’s vital that cybersecurity professionals effectively explain the level of risk and how an attack would impact the organization, its customers and its finances. This is critical for gaining executive support and obtaining the resources necessary to strengthen the cybersecurity practice.  
  6. Maintain – Once you have the cybersecurity fundamentals in place, you must consider how you will maintain those levels of control over the long term. Many organizations simply do not have the resources in-house to maintain 24x7 coverage. This is where turning to a trusted partner like a managed security service provider (MSSP) can help. With a dedicated and skilled security team in your corner, you can maintain around-the-clock coverage and faster responses to threats. If needed, an MSSP can also assist with the up-front work of auditing your environment, as well as mapping out and implementing your roadmap so you can achieve your goals faster.  

The time and effort required for many manufacturers to modernize their cybersecurity practices may seem daunting at first glance, but the cost of inaction is greater. A single ransomware attack can cause millions in damage, from the cost of shuttered operations to the ransom payment, to the reputational damage done to the organization. With the proper planning, manufacturers can strengthen their cybersecurity posture and prevent themselves from being the next headline.
