There’s a saying that if you don’t want to get hacked, disconnect everything from the internet. But of course that’s not an option in today’s manufacturing industry. Digital transformation and Industry 4.0 technologies are creating efficiencies, business intelligence, customer engagement opportunities and profitability that can’t be replicated by analog operations.
Unfortunately, increased digitization also creates greater risk to your data and operations — and no manufacturer is too small to be safe from cybercriminals. You might think no one would hack you because your data isn’t valuable to others, but hackers will disagree. They have figured out that your data is valuable to you, and that you’ll likely pay to get it back.
A recent survey of 200 manufacturers by Wipfli backs this up. The survey found that nearly half of the respondents experienced three or more network breaches in the past year.
Strengthening the resilience of your manufacturing operations
It's not just a matter of protecting data. Cyberattacks can jump the border from digital to physical by locking up or seizing equipment. This is bad enough for operational uptime, but it can also pose a risk to human safety.
For example, consider a company that uses computer-controlled devices to move and store caustic chemicals. What happens if the digital devices are compromised? Could it cause a chemical spill? Or could the chemicals overheat, resulting in a fire? It might sound implausible. But as cyberattacks become more sophisticated and aggressive, it is a very real possibility.
Manufacturers can protect their operations by building resilience to cyber threats. Resilience in this case means you have the ability to resist an attack, to respond quickly and thoroughly when an attack occurs, and to efficiently recover your business if your operations are compromised. That starts by identifying weaknesses in your digital perimeter and then building a multilayered strategy to protect against and respond to an attack.
Common cybersecurity blind spots
Manufacturers must contend with multiple physical and digital avenues into their operations. Often, these attack vectors are hidden or are seemingly insignificant.
Outdated and unsupported hardware and software on the shop floor are two of the most overlooked sources of vulnerability. Although this equipment may not be used like a traditional computer by your front-office staff, it’s still connected to the network. If it isn’t maintained, it’s a security risk to your operations.
IT-related decisions made by non-IT departments pose another common risk. With the advancement of cloud computing and software-as-a-service models, it’s easier than ever for employees to purchase new software, download applications or share files in the cloud. Systems and software that are not properly vetted or maintained could harbor security risks. In addition, they extend your attack surface without your knowledge, making it harder to protect data.
A lack of real-time monitoring is another standard blind spot in manufacturing operations. Without real-time monitoring, you have no visibility into attempts to infiltrate your network or hack your users. It’s harder to resist attacks if you don’t know they’re occurring.
For example, one of the most frequent signs of attack that we see is the “violation of impossible travel rules.” In this scenario, a legitimate user logs into the network from the office — let’s say it’s the CFO of a manufacturing firm based in Green Bay, Wisconsin. Four hours later, the CFO logs in from Minsk, Belarus. This is an impossible travel scenario and clearly a sign that the CFO’s credentials have been stolen. However, it could go unnoticed without proper monitoring in place.
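The impossible travel rule described above can be expressed as a speed check between consecutive sign-ins by the same user. The following is an added example, not code from Wipfli or from any monitoring product; the event fields, the approximate coordinates, the 900 km/h ceiling and the 50 km noise floor are all assumptions chosen for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed

# Constructed sample sign-in events: (user, UTC time, place, lat, lon).
EVENTS = [
    ("cfo", "2024-03-04T08:00:00", "Green Bay, US", 44.51, -88.01),
    ("cfo", "2024-03-04T12:00:00", "Minsk, BY", 53.90, 27.56),
    ("buyer", "2024-03-04T08:30:00", "Green Bay, US", 44.51, -88.01),
    ("buyer", "2024-03-04T11:00:00", "Milwaukee, US", 43.04, -87.91),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH):
    """Return alerts for consecutive logins of one user implying speed > max_kmh."""
    alerts, last = [], {}
    # ISO 8601 timestamps in one format sort correctly as strings.
    for user, ts, place, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_place, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Simultaneous logins from distant places are also impossible;
            # hops under 50 km are ignored to absorb geolocation noise.
            if km > 50 and (hours == 0 or km / hours > max_kmh):
                alerts.append({"user": user, "from": p_place, "to": place,
                               "km": round(km), "hours": hours})
        last[user] = (when, place, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(EVENTS):
        print(alert)
```

IP-based geolocation is imprecise, and VPN or mobile-carrier egress points can place a legitimate user far from where they actually are, so an alert from a rule like this is a prompt to verify the sign-in with the user rather than proof of compromise on its own.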
Creating a multilayer security strategy
The best means to resist an attack is to establish a multilayer security strategy. At its most foundational level, the strategy should include:
- Password protocols: Ensure the use of good passwords.
- Email protection: Technologies that curtail spam and spear-phishing attempts will reduce the risk of social engineering.
- Multi-factor authentication (MFA): MFA requires users to take an additional step to verify their identity when logging into a system or an app. It should be implemented on all remote access points (such as email, VPN and cloud applications) as well as internal administrative accounts.
- End-point detection and response (EDR): EDR increases your ability to detect suspicious events by providing real-time visibility into attacks. It is not the same as antivirus software (which should also be employed in your business). Antivirus software looks for malicious programs running on your computer. EDR looks for malicious activity in the memory of your computer.
- Regular penetration testing and vulnerability scans: If you’re not monitoring your environment, you don’t know where your vulnerabilities are or how to fix them. Monthly or quarterly penetration testing of your external systems and vulnerability scans of your internal systems are essential to identify weaknesses before they become attack vectors.
- Vulnerability management: Cybercriminals are constantly probing for security gaps. You can make it harder for them to gain entry by applying patches and software updates, removing unnecessary software and disabling unused system processes.
- Air-gapped backups/segmented networks: If you can browse directly to your backup files from your primary network, they are not safe from ransomware or other cyberattacks. Cordon off your backup files on a stand-alone network that requires separate credentials.
- Recovery testing: Are your system backups occurring as intended? A network failure or cyberattack is the wrong time to discover your files haven’t been backed up or that you don’t have the means to restore them. You need to regularly test your backup processes to confirm they are working.
Employees are part of your cybersecurity strategy
The best hackers don’t hack systems; they hack people. It’s easier to trick someone into sharing their credentials than it is to break into a system. For that reason, you need to focus as much on your people as on your perimeter.
Your first line of defense is to put controls in place to govern how data is used, managed and stored, as well as limiting access to sensitive data to those who absolutely require it. If you don’t know where your data is being kept or who has access to it, you can’t be sure that it is protected.
Your second line of defense is to implement a comprehensive training program. Hackers will use a variety of social engineering techniques to steal information, including email (phishing), SMS text messages (smishing) and phone calls/voicemail (vishing). In response, you need to develop your team’s ability to be professionally skeptical.
When employees know what they need to do and why, your operations will be better armed against cyber threats.
Add a cybersecurity team without adding to your payroll
If it sounds like you need to build an entire cybersecurity team to safeguard your operations, you’re partially correct. It does take a team, but you don’t need to build it. Outsourcing your cybersecurity to a managed services provider is a far better use of your resources. Your core competency is manufacturing, so why not rely on a team of network and cybersecurity specialists to build, manage and protect your network?
At Wipfli, we function as an extension of your team to reinforce your perimeter against attack. Our manufacturing and technology specialists understand what it takes to build cyber-resilient enterprises. We have the industry-specific expertise, capabilities, and proven track record to develop systems that can resist, respond to and recover from cyberattacks. Learn how we can help you strengthen your resiliency by implementing strategies that keep your operations secure, available and recoverable.
Next week, we’ll explore why a business continuity plan is essential to resiliency.