The interconnected ecosystem of the manufacturing industry is an avenue for hackers to launch sophisticated attacks. Dr. Carnell Council, CISSP and Zachary Curley, CIPP/US, CISM, AT&T cybersecurity consulting, discusses ransomware’s impact on the manufacturing industry and shares best practices to reduce cybercrimes.
The manufacturing sector is an integral part of a successful economy. The population is reliant on manufactured goods whether we’re working, eating or driving, we are surrounded by them. In fact, the manufacturing industry can be at the forefront of innovation and technology, which sets trends later adopted in other industries. For instance, developments in operational technology (OT) have seen many systems become digital across business operations and production floors to manage processes and equipment.
These digital systems are automated and managed by sensors that relay information to both machinery and computers on the system and facilitate the transfer of data. Yet, with manufacturers incorporating these highly connected systems, there is an avenue for hackers to modernize their ransomware tactics and launch attacks directly to these systems if risks are not properly addressed.Â
If successful, a ransomware attack may have the capability to disrupt the manufacturer to the point where operations are brought to a halt. The manufacturing industry has witnessed its fair share of attacks in recent months, and these should act as a wake-up call for decision-makers to act and implement security best practices to reduce cyber risk.Â
See More: How To Create Harmony Between End-Users and Security Teams
Risks Posed by Ransomware in Manufacturing Environments
The increase in adopting digital systems within manufacturing means that any attack can cause substantial disruption to all equipment, devices and critical services that are connected.Â
For example, network-based file sharing is a key component of the manufacturing environment as it facilitates the sharing and transfer of design and other engineering documents, serving as a repository for saving workflow parts lists, references, and tooling files. When considering the business side of manufacturing facility operations, network file sharing allows managers and other staff to store information such as invoices, purchase orders, or other information related to their suppliers and vendors.Â
While it’s possible a ransomware attack that impacts the file repositories will not influence the manufacturing production line, this is heavily dependent on how the organization segments its network. It is highly likely that business operations such as product engineering and design will be negatively impacted regardless. Moreover, manufacturers have a wide variety of third parties they work within the supply chain, meaning if intellectual property is stolen or if a system is breached, this can cause a domino effect within the industry.Â
Hackers are continually evolving cyber threats, and modern ransomware attacks have been developed to not only encrypt data but also steal it. This can have serious implications for manufacturers, potentially leading to blackmail scenarios with the end goal being payment for the return of the stolen information. With that said, cybercriminals should not be trusted, as many have been found to leak sensitive data on the dark web despite having the ransom paid.Â
Furthermore, modern ransomware attacks may utilize tools to infect and shut down systems while also removing all access from the organizations’ users. Other ransomware variations have included disruptive capabilities like scatter mechanisms that will flood a manufacturing system’s automation networks with data packets to affect its real-time response time until it completely paralyzes it.Â
If hackers are successful, this can negatively impact a manufacturer’s operations by blocking access to utility systems, such as heating, cooling, and affecting power supplies to human-machine interfaces. Also, depending on the malware variant used, they may have the skills to navigate across to other systems connected to the same network.
See More: Want to Stay on Top of Cyber Threats? Try Thinking Like an Attacker
Striking a Balance for Risk
It can be said that many manufacturing networks were formulated with cybersecurity as an afterthought. One area for concern is the number of outdated machines and systems with critical responsibilities that are not adequately protected. These are likely to have multiple vulnerabilities that can be exploited. Updating software on legacy systems in OT networks can bring its own challenges, though. At this crossroads, manufacturers need to weigh the cost of the risks involved versus integrating control systems with modern standards.Â
Given the size of many manufacturing businesses, it can be a big task for security professionals to gain visibility into every connected device or system that supports critical operations. Some manufacturing systems can go years without being offered software updates or security patches, but the systems and machines continue to be used because of their importance. OT professionals need to be aware of these systems and pay close attention to those that are no longer supported with updates because they can bet attackers will be watching them.
Given the myriad of technologies, protocols, and software that are now being leveraged by manufacturers, it’s understandable to some degree as to why they have become more susceptible to threats like ransomware.
How To Secure Manufacturing Networks
A lack of patching, the use of insecure operating systems, and unencrypted communication between systems can all lead to a ransomware attack, a data breach and a loss of finances or operational downtime. Thankfully, we are now operating at a time where security defenses are available to tackle such issues and advice is readily available so that organizations can implement effective security measures to mitigate attacks.Â
Implementing security best practices, such as NIST guidance and solutions, are advisable to help reduce certain threats against the environment, but additional layers of security are also needed to tackle the threats posed by the legacy systems found across the manufacturing industry. This also includes safeguarding sensitive assets and data from cybercriminals. Additionally, conducting regular cyber assessments across the organization and its infrastructure should be embedded within the security strategy to understand and mitigate cybersecurity risks and identify what is required to remediate vulnerabilities.
The number one risk-reducing exercise should be an effective patch management program to address the weaknesses surrounding the legacy systems in use. Another step manufacturers can take to improve their device or software selection processes by approaching it with a security-first mindset. Finally, regardless of the size of the organization, conduct full audits and assess the processes, protocols, and systems in place to evaluate the current level of risk across the business.Â
See More: Why Cybersecurity’s Latest Buzzword, Zero Trust Needs a Simple Approach in the Hybrid World
Closing Thoughts
Carrying out some of these tasks internally can be difficult, particularly in organizations that have built silos between their IT and OT functions, so explore external services and partners to help with security requirements. Those that have managed vulnerability programs and can offer managed threat detection and response solutions can help relieve the burden on the organization.
As threat actors evolve their ransomware techniques, it is clear from recent events that disruption is the name of the game. By taking even small steps now to understand risk and points of exposure better, manufacturers can make sure they’re not attackers’ next easy target. Â
Did you find this article helpful? Tell us what you think on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d be thrilled to hear from you.