The global destabilization of manufacturing organizations due to the pandemic has made industrial control systems (ICS) more vulnerable than ever to cyberattacks. According to one threat intelligence report, manufacturers saw a 300 percent increase in cyberattacks last year. However, despite that rise, businesses are not taking necessary action. The recent supply chain ransomware attack on Kaseya's IT management software impacted as many as 1,500 organizations globally, highlighting the imminent need to improve security processes and policies to protect our critical infrastructure.
Hackers continue to target industrial control systems (ICS) and legacy security measures primarily because they utilize outdated processes and technology that expose vulnerabilities. As manufacturing supply chains become increasingly automated and rely heavily on remote access, leaders must focus on cyber hygiene. Securing remote access by implementing cyber hygiene practices and processes is the most effective way to ensure manufacturing organizations can protect themselves from future attacks.
Securing Remote Access Points
Before the pandemic hit, the manufacturing industry was beginning to embrace modern technological solutions. An interconnected ecosystem of smart technologies seemed like a promising solution to improve equipment, supply chain management and the delivery process. However, the pandemic and subsequent lockdowns led to a variety of cybersecurity challenges.
Shifting to remote work due to the COVID-19 pandemic drove industrial organizations to adjust existing cybersecurity processes to accommodate that remote access. Remote work only exacerbated networks’ vulnerabilities, and hackers wasted no time taking advantage of them. According to Claroty,70 percent of ICS vulnerabilities disclosed in 2020 were linked back to unprotected remote access points.
Many manufacturers lack visibility into their own IT and OT networks, meaning they cannot identify the remote access points in need of protection. These lapses in visibility are often tied to a commonly held yet false belief that investing in cybersecurity is too costly and can potentially delay product shipment within the supply chain.
In reality, the cost of recovering from a cyberattack – particularly a global ransomware attack like the one that hit Kaseya – far outweighs the upfront costs of implementing robust cybersecurity solutions. The global cost of recovering from a ransomware attack is predicted to grow 57 percent to $20 billion this year. Mimecast found that 61 percent of companies suffered a ransomware attack last year, which led to an average of six days of downtime – six days too many for a manufacturer.
Best Practices in Securing Remote Access
The challenges manufacturers face in the wake of mounting cyberattacks are plentiful, especially when considering the existing fragmented cybersecurity policies and procedures. These vulnerabilities can largely be attributed to uncertainty around best practices in securing remote access.
The first and most basic best practice is to design remote access based on least privilege. Each role that is defined for remote access should limit the devices and systems to only what is necessary to perform the required functionality. Far too often, those with remote access have complete access into the system, this is one of the main reasons this is such an attractive target by adversaries.
Without the proper policies in place to mitigate cyber threats, manufacturers risk a loss of intellectual property, physical damage to plants and even danger to employee safety. Training and awareness programs that actively improve knowledge are critical in securing remote access points.
Technologies such as virtual local area networks (VLANs), IP ranges, or micro-segmentation of IT and OT network traffic are becoming more popular to protect against OT-focused attacks. Strategies like establishing “industrial-demilitarized zones” (I-DMZs) and data warehousing can help facilitate a secure buffer zone where services and data can be shared and transferred between SCADA systems and business networks.
For companies without deep cybersecurity expertise, a managed security service provider (MSSP) can help close the knowledge gap within an organization and recommend security controls that are applicable to a manufacturer’s specific technological needs.
Especially as hackers become more sophisticated in their attacks, prevention should remain the priority for manufacturers. By creating a culture of cybersecurity and implementing the right policies, like following the principle of least privilege, manufacturing organizations can improve their standing within the cyber space. These policies should also include establishing a supply chain management program to ensure uniform cybersecurity practices with all contractors and third-party vendors.
Manufacturing organizations across the country are experiencing a stark increase in cyberattacks each year. Hackers will continue to exploit remote access vulnerabilities as long as there are inadequate cybersecurity solutions in place. The COVID-19 pandemic concurrently highlighted remote access vulnerabilities and the manufacturer’s lack of visibility into their own networks.
However, the uncertainty surrounding best practices put manufacturers at a disadvantage. Despite this, protection from cyberattacks in the manufacturing industry is possible with a serious commitment to cyber hygiene best practices.
Roger Hill is the Senior Director of Product Security at Kudelski Security.