Midsized manufacturers must recognize cyber attack risks
August 9, 2019
Many manufacturers are largely unaware of the risks they face as digital technologies rapidly interact with and replace legacy analog equipment and systems.
Historically, the most attractive targets for cyber attacks have been industries with large databases of personally identifiable information (PII), such as financial services, healthcare, hospitality and national retailers. But most of these data-intensive firms have strengthened defenses and implemented more effective countermeasures. As a result, some bad actors have shifted focus to “softer” targets, that is, companies that have not been dependent on large data stores as core functions of their operations and lack robust security measures. This has placed manufacturers of all sizes, especially small and midsized firms, squarely in the crosshairs of cyber criminals.
Unfortunately, many manufacturers are largely unaware of the risks they face as digital technologies rapidly interact with and replace legacy analog equipment and systems. The introduction of new technologies frequently expands the “attack surface” of a business, which is the sum of all points of entry, or vectors, attackers can exploit to insert malware or extract data from a company’s digital environment.
For midsized manufacturers, keeping your attack surface as narrow as possible is a basic security strategy, but mapping the full extent of the exposure can sometimes be difficult. This is especially true when there may be locations in multiple countries and/or legacy equipment running dedicated software that has not been updated in some time. Other factors that can expand your attack surface include:
Connections with vendors, suppliers and customers
No matter what network defenses you have in place, they are only as robust as the defenses of the suppliers, vendors and customers with whom you may be connected in the normal course of business. An inadequately secured network of a third party can be an easy point of entry for a malware attack, as a national retailer [1] discovered when a virus infecting an HVAC service provider entered its network through an environmental control monitoring function.
Industrial control systems
Advanced automation in the manufacturing environment relies heavily on industrial control systems (ICS) for the management, monitoring and functioning of production equipment. The infection of ICS software by malware can have more than financial and scheduling consequences due to downtime. It could result in actual, physical damage to equipment and, depending on the equipment affected, threats to the health and safety of your employees. By one estimate, half of all ICS infrastructures have faced cyber attacks.
Integration of new production equipment
When new equipment is added to the production and control environment, it usually requires the integration of dedicated operational software. However, that software may have been compromised at a point in its development process. And if it contains malware and is loaded into your digital environment, then you have a problem. Just such a scenario hit a Taiwanese computer chip manufacturer [2] when the control software for a new piece of equipment being integrated into the company’s production process was already infected by a variant of the WannaCry virus.
Wireless connectivity and the Internet of Things
The expanding use of wireless connectivity in the production environment is another potential pathway for unauthorized access. While wirelessly connected equipment adds great efficiency, keep in mind that such connections are generally no more secure than a public internet connection. In effect, every piece of wireless equipment communicating with your network represents another potential opening to attack. Similarly, Internet of Things devices generally lack robust security features and can represent a significant expansion of cyber risk.
Wearable technologies are revolutionizing our work and personal lives, but they can dramatically expand your company’s attack surface. Wearables can include sensors provided to employees to ensure on-the-job safety as well as your workers’ own personal devices, such as smartwatches, fitness trackers, smart glasses and headgear, wearable medical devices and even smart clothing accessories. If any of these devices can connect with the company’s wireless network, they represent another vulnerability.
Building a culture of cyber resilience
Strengthening your network security and building a culture of cyber resilience is a team effort that must include everyone from the C-suite to the production floor. Employees need to understand that cyber security is not an exclusive concern of the head office. Workers at all levels need to be informed that inadequate password hygiene, inability to recognize email phishing attempts, failure to update legacy systems and equipment, and other security lapses can result in downtime that affects jobs and livelihoods. Cyber security training needs to be a key component of the onboarding process for new employees and must continue on an ongoing basis for everyone in the organization.
Application whitelisting is another technique manufacturers can implement to ensure that only operating software from trusted, approved sources can be run on their networks. Unlike the traditional technique of application blacklisting, which identifies suspicious and undesirable programs and prevents them from executing, application whitelisting will only allow the downloading of software explicitly approved and identified as safe in advance, blocking all programs not on the whitelist from being loaded whether suspicious or not.
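The difference between the two approaches, applied to the compromised-vendor-software scenario described earlier, can be shown in a short sketch. This is an added example, not code from the original article; identifying software by its SHA-256 digest is an assumption made here, and every file content and name below is constructed.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed byte strings standing in for installer files.
SAMPLES = {
    "vendor_release": b"controller-suite 4.2 (constructed vendor build)",
    "tampered_release": b"controller-suite 4.2 (constructed vendor build)"
                        b" + injected payload",
    "known_malware": b"constructed sample already catalogued as malicious",
    "unapproved_tool": b"constructed utility nobody has reviewed",
}

# Allowlist: digests approved in advance. Anything else is denied.
ALLOWLIST = {sha256_hex(SAMPLES["vendor_release"]): "controller-suite 4.2"}
# Blocklist: digests already known to be bad. Anything else is allowed.
BLOCKLIST = {sha256_hex(SAMPLES["known_malware"])}

def blocklist_permits(data: bytes) -> bool:
    """Default-allow: only previously identified programs are stopped."""
    return sha256_hex(data) not in BLOCKLIST

def allowlist_permits(data: bytes) -> bool:
    """Default-deny: only explicitly approved programs may run."""
    return sha256_hex(data) in ALLOWLIST

def compare(samples: dict) -> dict:
    """Return {name: (blocklist decision, allowlist decision)}."""
    return {name: (blocklist_permits(data), allowlist_permits(data))
            for name, data in samples.items()}

def denied_by_allowlist_only(samples: dict) -> list:
    """Programs a blocklist would let through but an allowlist stops."""
    return sorted(name for name, (bl, al) in compare(samples).items()
                  if bl and not al)

if __name__ == "__main__":
    for name, (bl, al) in compare(SAMPLES).items():
        print(f"{name:17} blocklist={'allow' if bl else 'deny':5} "
              f"allowlist={'allow' if al else 'deny'}")
    print("stopped only by the allowlist:", denied_by_allowlist_only(SAMPLES))
```

The tampered release has never been seen before, so the blocklist lets it through; the allowlist denies it because its digest no longer matches the approved build.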
Building cyber resilience for manufacturing companies, and indeed all businesses, must begin with a network review and threat assessment of your current framework by experienced cyber security consultants. This will include a determination of whether malware may already be embedded in your network and a complete assessment of all potential points of entry in your attack surface. Once the assessment is completed, a process of ongoing monitoring by cyber security professionals, as well as vigilance in updating all operational software, will provide the protection needed in a digital environment growing riskier every day.
Detecting intrusions that may have already occurred is a critical first step in building cyber resilience and hardening your network against future events. Some varieties of malware are designed to remain dormant for weeks, and perhaps months, before unleashing their disruptive influence on a network. It is also not uncommon for a breach to go undetected for months. Once identified, it can take weeks to remediate the intrusion.
2. Taiwan-based chip manufacturer TSMC warned that the infection. “TSMC: Computer Virus Deals $171 Million Blow to Top Apple Supplier.” CNNMoney, Cable News Network, money.cnn.com