Manufacturers: Approach Cybersecurity Like Your Assembly Line

To combat cyberattacks, which pose a growing threat during the COVID-19 pandemic, manufacturers should take a page out of their own book and apply an assembly line approach to their cybersecurity.

More connected devices on the factory floor mean more opportunities for hackers to attack.

Even after the infamous cyberattacks of WannaCry and NotPetya that cost manufacturers millions of dollars in 2017, nearly half of all manufacturing companies still suffered a data breach in the past year. Threats are evolving so quickly that manufacturers simply can’t keep up.

But by breaking down cybersecurity into its independent parts, manufacturers can better prepare for inevitable data breach attempts.

Growing IIoT cybersecurity risks.

Despite the security risks associated with the Industrial Internet of Things (IIoT), connected devices have far more advantages than disadvantages on the factory floor.

The manufacturing industry must embrace digital transformation to remain resilient amid a tight labor market, shifting trade policies, and a global economy hit hard by COVID-19.

IIoT devices can help manufacturers improve performance, access consistent reports and insights, improve process visibility and customize their capabilities more seamlessly.

IIoT devices are particularly vulnerable to attack.

  • Many black box devices like smart sensors and programmable logic controllers (PLCs) run on outdated code — in some cases code from the 90s — with bolted-on modules.
    The decades-old code often contains bugs that put devices at risk of dedicated-denial-of-service (DDoS) attacks, or even total takeovers.
  • Additionally, many of these black box devices aren’t set up or configured by IT departments. For example, most manufacturers choose which milling machines to purchase based on how quickly they turn out parts, not how strong their firewall is. But when these devices join the connected world, they’re exposed to new threats.
  • The companies that produce connected devices often intentionally leave open a backdoor so they can more easily conduct routine maintenance. In some cases, the only way manufacturers can update a device is through USB ports, which are notoriously prone to malware transmission.
  • Manufacturers haven’t done their due diligence in training blue-collar workers, who are often not as IT savvy as those in white-collar industries. Workers unfamiliar with proper security protocol are more susceptible to phishing scams.
  • Similarly, as mobile scanning apps become more popular on the factory floor, manufacturers have introduced more opportunities for potential attacks. Most companies don’t have the capacity to manage various individual devices and apps in addition to their own technology, so personal tech often goes unsupervised.

Because IIoT devices are more susceptible to cyber breaches, DDoS attacks are common.

Think back to the 2016 attack on Dyn, a domain name system (DNS), which brought down major sites including Twitter, Netflix, Paypal and Spotify. Groups of automated harmful programs, or botnets, attacked IoT devices in what was, at the time, the largest DDoS attack in history.

Not only are the risks of cyberattacks growing, the consequences can be devastating.

According to a study conducted by IBM, the average time to identify a data breach is 197 days, the average time to contain a data breach once identified is 69 days and the average cost of a data breach in the U.S. is $7.91 million.

In the words of former FBI Director Robert S. Mueller III, “It is no longer a question of ‘if,’ but ‘when’ and ‘how often.’

There are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.”

The assembly line approach to cybersecurity.

Even though data breaches are inevitable, manufacturers can still take the right precautions to decrease their magnitude and mitigate potential damage.

Think about cybersecurity like a product in your assembly line. At every stage in the process, something new gets added, until you’ve assembled the final product. But if you stop adding new pieces in the middle of the process and try to use the product, it likely won’t work properly.

Cybersecurity requires similar layers of firewalls, encryption, anti-malware, access control, and endpoint protection to best defend your IIoT devices.

Managing cybersecurity like an assembly line requires strategies for every part of the process.

  1. Education: Employees who don’t know better are some of the easiest targets for cyberattackers. But a few simple process changes can help diminish instances of breaches caused by employees.
    1. Onboarding tutorials: Teach employees what to watch out for on day one. Include a web tutorial on how to avoid phishing scams as part of the onboarding process, and follow it up with a short quiz.
    2. Frequent testing: Any employees who use devices that can get hacked should be tested frequently. Send your own test phishing messages to ensure initial training actually took hold. Employees that click the links in these test emails should be automatically scheduled to take a refresher course.
  2. Network segmentation and device fencing: To address the rise of unsecured IIoT and personal devices on the floor, manufacturers should invest in network segmentation. By splitting your main computer network into subnetworks, or segments, companies can not only boost performance but also enhance security.

    Segmentation restricts network access to approved users and gives IT teams the ability to better control, monitor and protect the flow of information. If one subnetwork gets hacked, the risk of spread and the amount of data compromised are much lower.

    Additionally, manufacturers should establish device geofencing, which provides an added layer of access control and streamlines BYOD management. These boundaries limit access to certain applications or devices and track compliance within a specific geographical perimeter.

    A geographical perimeter can also be set up as a “device fence” — to alert system administrators when company-owned devices leave the premises or the device can be set to automatically shut off access.

  3. Hiring and outsourcing: Many manufacturers simply don’t have the IT department needed to monitor and manage security risks. Often, the same person is responsible for managing both the company’s security and its network.

    These employees are usually overworked and lack the necessary checks and balances of a fully staffed IT department. It should come as no surprise then that the burnout rate is incredibly high among these professionals — adding further strain to manufacturers trying to compete in a tight labor market.

Even with the right number of IT professionals in place, every business operating in the connected world needs 24/7 security coverage, 365 days a year.

Managed security service providers (MSSPs) can fill in the gaps that IT departments can’t manage single-handedly. External specialists not only have access to a much broader cybersecurity toolkit than in-house staff, they also often cost less than hiring an entire internal team. And the savings in reduced malware infection rates are invaluable.

MSSPs provide several crucial layers necessary for an assembly-line approach to cybersecurity.

The MSSPs approach includes a perimeter defense, endpoint security, intrusion detection and prevention systems (IDPs). The MSSPs also provide security information and event management (SIEM).

When selecting an MSSP, look for a partner with:

    1. Considerable experience with incident response and use of leading endpoint protection technologies.
    2. Multiple client success stories, case studies and credible references.
    3. Breach detection that analyzes every trouble ticket, instead of just tracking trends.
    4. Experienced staff — with the proper certifications — in every time zone where you conduct business.

The pace of IIoT cyberattacks isn’t letting up anytime soon.

No, the pace of IIoT cyberattacks isn’t letting up — they’re intensifying in the wake of the coronavirus.

It’s only a matter of time before your manufacturing company is breached — if you haven’t been already.

Know that the right combination of security layers can help you detect and prevent more breaches, and recover quicker when the inevitable strikes.

Image Credit: Ivy Son; Pexels

Mike Rulf

Mike Rulf CTO of the Americas region at Syntax and is a seasoned executive with over two decades managing large technology organizations exceeding 500 individuals supporting product lines in excess of $250M in revenue. During that time he has had continuous hands-on involvement in the design, installation, maintenance, and extension of large distributed software solutions as well as both Cloud Services and SaaS platforms. Mike also spent four years implementing information security systems for large organizations.

View original article here Source