As more and more manufacturing organizations integrate new technologies (IT and OT), the complexity of their digital transformation opens the door to cyberattacks. IBM’s X-Force Threat Intelligence Index 2022 reported that, in 2021, manufacturing became the most attacked industry, beating out financial services and insurance.
What do Manufacturing Companies Have to Lose?
Manufacturers are especially susceptible to ransomware and other attacks that can lock or shut down production, costing millions in lost revenue and harming their brand. Manufacturing organizations are also targets for industrial espionage and IP theft. In addition to these challenges specific to the manufacturing industry, all security teams are overwhelmed with discovering vulnerable software applications across the information network and prioritizing their patching. Lastly, compliance rules and regulations add another burden to organizations, with large fines as punishment.
Cyberattacks on production companies, as well as any organization that deals with critical infrastructure, provide a unique situation where the consequences of the attack don’t remain in the digital world; they cross over into the physical world. For example, some food manufacturing companies require continuous operation and if they shut down production, they may need to dispose of any food components that expire while waiting for production to pick back up. Dealing with all the physical components of an attack, in addition to the digital, adds an even greater concern for these companies and should increase the motivation to make security a number one priority.
Why are Manufacturing Organizations Susceptible to Cyberattacks?
Cybercriminals have zeroed in on the manufacturing industry because of its recent integration with new technologies. Manufacturers are not familiar with how to effectively protect these technologies, and cybercriminals take advantage of:
Large Attack Surface
Industrial businesses are exposed to attacks because of their large attack surface which contains both Information Technologies (IT) and Operational Technologies (OT). These elements also increase risk because they are usually configured with basic security features that are easy to exploit. This comes in addition to the issues common to all industries, from unmonitored exposed assets to supply chain attacks.
47% of attacks on manufacturing were due to unpatched vulnerabilities (IBM’s X-Force Threat Intelligence Index 2022). Vulnerability prioritization is a challenge for all industries, not only for manufacturers. With the number of vulnerabilities increasing, organizations don’t have enough time or resources to patch even the high-severity ones. Additionally, focusing on vulnerabilities that have a high CVSS (Common Vulnerability Scoring System) score fails to take into consideration both the compensating controls that may prevent exploitation in an organization’s environment and the in-context level of risk that threatens business continuity or crown jewels.
Misconfigured Network Segmentation
A manufacturing organization may segment its production network from its corporate IT network, but a misconfiguration or inadequate policy can leave it vulnerable to lateral movement. If this is the case, once a cybercriminal gains access to the production network, he can move laterally to the corporate network and exfiltrate confidential documents or activate ransomware. While responding to the attack, the company might have to shut down its production partially or fully, incurring an even greater financial loss.
Lateral movement can also occur in the opposite direction—if a cybercriminal gains access to the corporate network, he can move laterally to the production network and interfere with production efforts. This can be potentially dangerous depending on what the company is manufacturing and how it might affect the consumers, for example with medicine, chemicals, or food.
Overcoming Manufacturing Security Challenges
The challenges listed above introduce new risks every day for manufacturing companies and affect their security posture. These variables—as well as unknown ones—are constantly changing and causing perpetual drift. Maintaining low risk requires cybersecurity leaders to take a proactive approach and continuously monitor their security program’s performance.
By taking a proactive approach and using automation, these organizations can:
Manage a Large Attack Surface
Solution: Use an attack surface management (ASM) tool that emulates real attackers to identify external digital assets and assess their exploitability against an organization’s security policies and solutions. Manufacturers can use ASM to discover misconfigured IT and OT devices, or any other vulnerabilities in their external attack surface. Once these weaknesses are exposed, companies can prevent threat actors from leveraging them as an entry point to the corporate IT network. It is impossible to know for sure if third-party vendors are safe from attacks, but once you know where you are vulnerable to a supply chain attack, you can add compensating controls in your own environment to prevent an escalation.
Solution: Combining data collected by both vulnerability management solutions and simulated attacks can provide the full context of a vulnerability in a specific IT environment and considerably reduce the patching workload. The added context allows manufacturing organizations to consider compensating controls to accurately prioritize remediation and patching efforts based on the actual level of risk each vulnerability poses to an organization. Additionally, organizations can try maximizing resources by correlating the criticality of vulnerabilities with the value of assets, allowing teams to focus their patching efforts where they will have the most impact.
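The prioritization described above can be sketched as a join of scanner findings, attack-simulation outcomes and asset values. This is an added example, not code from the article or any vendor; the vulnerability IDs, asset names, 1 to 5 value scale and exposure weights are constructed assumptions.

```python
# Constructed sample data; IDs, asset names and weights are illustrative assumptions.
SCANNER = [  # (vuln_id, asset, cvss_base) as a vulnerability scanner would report
    ("VULN-A", "hmi-01", 9.8),
    ("VULN-B", "erp-db", 7.5),
    ("VULN-C", "print-srv", 9.1),
    ("VULN-D", "plc-gw", 6.5),
]
ASSET_VALUE = {"hmi-01": 4, "erp-db": 5, "print-srv": 1, "plc-gw": 5}  # 5 = crown jewel
SIMULATION = {  # outcome of an attack simulation per (vuln, asset)
    ("VULN-A", "hmi-01"): "blocked",    # a compensating control stopped it
    ("VULN-B", "erp-db"): "exploited",
    ("VULN-D", "plc-gw"): "exploited",
}
# Assumed exposure weights: findings never simulated rank above blocked ones.
EXPOSURE = {"exploited": 1.0, "untested": 0.6, "blocked": 0.2}


def contextual_risk(cvss, outcome, asset_value):
    """Scale the CVSS base score by observed exposure and asset value (1..5)."""
    return round(cvss * EXPOSURE[outcome] * asset_value / 5, 2)


def build_queue(scanner, simulation, asset_value):
    """Join the three sources and return findings sorted by contextual risk."""
    rows = []
    for vuln, asset, cvss in scanner:
        outcome = simulation.get((vuln, asset), "untested")
        value = asset_value.get(asset, 3)  # unknown assets get a mid value
        rows.append({"vuln": vuln, "asset": asset, "cvss": cvss,
                     "outcome": outcome,
                     "risk": contextual_risk(cvss, outcome, value)})
    return sorted(rows, key=lambda r: (-r["risk"], -r["cvss"]))


def cvss_only_queue(scanner):
    """Baseline for comparison: patch order by CVSS base score alone."""
    return [vuln for vuln, _, _ in sorted(scanner, key=lambda s: -s[2])]


if __name__ == "__main__":
    print("CVSS only :", cvss_only_queue(SCANNER))
    for row in build_queue(SCANNER, SIMULATION, ASSET_VALUE):
        print(row["vuln"], row["asset"], row["outcome"], row["risk"])
```

In this sample the 9.8 finding drops to third place because the simulation showed a control blocking it, while two lower-scored findings on high-value assets move to the top.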
Validate Network Segmentation
Solution: To validate that networks are properly segmented, manufacturers can use simulated lateral movement attacks to assess what would happen if a cybercriminal gained an initial foothold. The organization could examine how far the hacker can move laterally within the network or if security controls could stop him. For manufacturing companies with a complex infrastructure, this test would ensure that there is no opportunity for lateral movement between IT and OT networks. A tool that continuously discovers misconfigurations and provides remediation guidance can help manufacturers reduce risk by closing gaps and guaranteeing that there is no way to move between networks.
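A static check of the firewall policy can complement the simulated attacks described above by listing every chain of permitted flows that links IT and OT zones in either direction. This is an added example, not code from the article or any vendor; the zone names, ports and rule format are constructed assumptions, with first-match evaluation and default deny.

```python
from collections import deque

# Constructed rule set: (src_zone, dst_zone, port, action), first match wins.
RULES = [
    ("corp_it", "ot_control", "any", "deny"),       # direct IT -> control blocked
    ("corp_it", "dmz", "443", "allow"),
    ("dmz", "ot_supervisory", "3389", "allow"),     # jump-host rule left in place
    ("ot_supervisory", "ot_control", "502", "allow"),
    ("ot_supervisory", "dmz", "443", "allow"),
]


def allowed_edges(rules):
    """Return {src: {dst: [ports]}} for flows the first-match policy permits."""
    decided, edges = set(), {}
    for src, dst, port, action in rules:
        # Skip rules shadowed by an earlier rule for the same flow.
        if (src, dst, port) in decided or (src, dst, "any") in decided:
            continue
        decided.add((src, dst, port))
        if action == "allow":
            edges.setdefault(src, {}).setdefault(dst, []).append(port)
    return edges


def shortest_path(edges, start, goal):
    """Breadth-first search over permitted zone-to-zone flows."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == goal:
            return path
        for nxt in edges.get(path[-1], {}):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def segmentation_gaps(rules, it_zones, ot_zones):
    """List zone chains that connect IT to OT or OT to IT."""
    edges, gaps = allowed_edges(rules), []
    for sources, targets in ((it_zones, ot_zones), (ot_zones, it_zones)):
        for src in sources:
            for dst in targets:
                path = shortest_path(edges, src, dst)
                if path:
                    gaps.append(path)
    return gaps


if __name__ == "__main__":
    for gap in segmentation_gaps(RULES, ["corp_it"], ["ot_supervisory", "ot_control"]):
        print(" -> ".join(gap))
```

The sample shows why a direct deny between two zones is not enough: the control zone is still reachable through the DMZ and supervisory zones until the jump-host rule is removed.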
Manufacturers should approach their cybersecurity with the same level of concern that they approach new technology—in fact, these two things should go hand in hand because cybercriminals are always looking for ways to find and exploit vulnerabilities in new technologies. To ensure both their digital and physical assets are secure, manufacturing and critical infrastructure organizations can take a proactive approach to cybersecurity and predict if and how cyberattacks can evade their defenses.