Attacks on manufacturing organisations can be particularly disruptive and, with the ongoing convergence of IT and OT systems, it’s critical that CIOs take steps to secure their critical infrastructure. Vinod Kumar, CEO, Subex, tells us about the challenges facing manufacturing firms and how they can get ahead of attackers.
Can you tell us about some of the unique cybersecurity challenges facing manufacturing organisations?
Today, manufacturers are battling hackers and disruptive actors at various levels. The converged environment gives rise to OT, IoT and IT threats, but such convergence of technologies also opens up more attack vectors for hackers to exploit vulnerabilities, while giving rise to what we call hybrid risks, which is a euphemism for threat actors using a range of methods, including a blend of traditional and non-traditional approaches, to initiate a cyberattack. Also, malware potency is increasing and hackers are also using persuasive messages in phishing emails to cause a breach through insider activity.
Why is this industry so targeted?
The manufacturing sector represents the lifeline of an economy. It is therefore high on the agenda of state-backed hacker constellations, also known as APT groups. The supply chain element also plays a key role, as all these firms are relying on third-party contractors or subcontractors who might not have the best security posture.
Manufacturing entities also hold plenty of intellectual property – information of commercial interest to various groups. Manufacturers also want to avoid disruption at any cost so they are ideal targets for hackers who seek to monetise breaches faster through ransomware. Our research has shown that as much as 14% of all stolen data on the Dark Web is connected to the manufacturing sector. This indicates the volume of breaches that have been successful so far.
Can you tell us how the threat landscape has changed for this industry during the COVID-19 pandemic?
The risks have increased and the threats have multiplied. Today, we are in the midst of what we call the second wave of attacks linked to the pandemic. Because of the confusion and anxiety that characterised the first few months, hackers were able to initiate a co-ordinated campaign resulting in many successful breaches through phishing emails and those that exploited unsecured home networks due to the prevalence of work from home.
Simultaneously, we also saw an increase in targeted cyberattacks and a spike in the number of variants of previously detected malware. This trend is yet to peak and attacks may continue for a few more months.
How important is it for manufacturers to strengthen their cyberdefences in light of the COVID-19 pandemic?
The response to these attempts by various hackers and agencies should be proportionate to the deteriorating threat environment. A strong cybersecurity posture is not just a matter of choice or due diligence, but a critical business requirement that needs to constantly evolve and mature by constantly assessing the threats and deploying controls to thwart such attacks to discourage the actors behind them. Otherwise, erosion of credibility and loss of revenue will be swift.
In today’s hyper-competitive environment, no manufacturer can afford a disruption. The biggest change the pandemic has influenced is the extension of the perimeter. Today a company’s assets extend beyond its networks and physical security. The only security option that exists today is for each asset to present a perimeter to protect itself, because the assumption to be made is that these assets exist in an insecure environment such as insecure home networks, public Wi-Fi, etc., and thus these assets could become conduits of entry into the company’s secure network.
What steps can CIOs and CISOs within this sector take to improve their security posture?
To secure assets, data and systems connected with manufacturing, a multi-pronged strategy must be adopted that includes:
- Building an enterprise risk model: look at security from an inside-outside perspective starting with visibility of all the assets deployed, assets that could be targeted and associated vulnerabilities, employees who could be targeted and then link it with strategic decisions about infrastructure, technology, process modifications and operations required to mitigate it
- Evaluate supply chains linking with key processes and equipment to avoid supply chain poisoning
- Fortify your threat posture: regularly conduct ongoing rain checks on key measurement criteria and targets. Align them with the prevailing threat landscape and threat actor and malware behaviour.
- Have regular conversations with all stakeholders and encourage employees and others to identify areas for improvement from a cybersecurity perspective
- Understand that the perimeter cannot be the only defensive strategy; deploy solutions that bring extreme visibility concerning network use by monitoring all traffic for anomalous behaviour
- Segregate the network to protect your crown jewels; this is very basic, but we have seen that this is rarely being implemented, especially with OT, IoT and IT convergence
What best practice advice would you offer CISOs within this sector looking to create a robust long-term security strategy?
Cybersecurity should be viewed as an investment in improving value. Employees and all stakeholders need to work together to secure businesses from within and outside. Periodic audits conducted with the same level of diligence as financial audits need to be conducted while best practices are adopted at a regular frequency. A siloed approach to cybersecurity defeats the core purpose of securing an enterprise so all stakeholders need to come together to fight the forces of disruption while adopting a zero-trust stand.
Can a good cybersecurity posture also provide business benefits?
Yes, it helps build credibility and reduces the risks of revenue attrition due to cyberattacks and ransom payments. Beyond all this, cybersecurity instils discipline and improves situational awareness among all stakeholders. Typically, according to our calculations, RoI from improving cybersecurity can be gained within the first year itself, if not earlier. Considering the average cost of a breach, it could even happen earlier.
Can you tell us about the work Subex is doing to protect businesses?
We are providing critical infrastructure grade cybersecurity to businesses around the world. This includes telcos, oil and gas entities, smart cities, manufacturing plants and new-age manufacturers. We run the world’s largest threat intelligence gathering facility that supports our cybersecurity solution and the services we offer. We can provide asset visibility and identify, mitigate and analyse the unique threats that emerge, as well as conventional threats and those that emerge from converged environments.