Are You a Manufacturer Prepared for Ransomware?
As the threat of ransomware continues to grow in manufacturing, owners and operators are scrambling to review their incident response plans. More operational technology is being connected to the internet at the same time that threat actors have identified manufacturers as lucrative targets. Manufacturing companies have cash flow, have known vulnerabilities in vendor systems, and require near-constant uptime to avoid major impacts to their bottom line. They often lack connected and coherent security programs for IT and OT operations and have little visibility into their communications networks. These factors make manufacturing ripe for targeting by ransomware gangs looking for fast and large payouts.
Ransomware has evolved from simply encrypting network files and systems to deny access in exchange for a sum; it now includes theft of data, which results in double extortion. As a tactic, ransomware is indiscriminate, is rising exponentially, and is making its way to legacy industrial networks and control systems. Any vulnerable network is a potential target, not just large corporate names. There’s a growing sea of jargon, alerts, and frameworks in the cybersecurity field prompting action and review due to this threat. The reality is that cyberattacks are dynamic, not static. Another group of tactics, tools, and procedures will replace ransomware as the race between system owners and bad actors continues. The only defense is to harden industrial networks, build resilience, and prepare to be attacked.
Getting Security Started
An organization does not need to have any security tools to begin preparing for an attack. Regardless of team size and experience level, organizations need to take steps to train personnel to practice cyber hygiene. Personnel must know how to identify potential phishing attempts and who to alert in case of a cyberattack, and organizations need to run simulations and exercises that do not affect operations to identify priorities if systems are compromised, including access to backups. Many non-technical cultural and individual assumptions can be challenged with simulations and exercises. These exercises can flesh out the extent to which personnel are prepared to rely on manual processes and the chain of command for incident response.
Practically speaking, securing industrial networks requires knowledge of what data, devices, and systems exist, and where, when, and how they communicate. To achieve this level of visibility, companies are investing in a spectrum of security tools. A best practice for beginning this journey is to take stock of your assets—what security people call asset inventory. Asset inventory establishes a foundational understanding of what assets, connections, and communications protocols live on your IT and OT networks. It also provides a starting point for analysis if and when your systems become compromised.
As organizations explore security options, it is important to keep the following in mind:
- Getting the basics right matters. Don’t provide low-hanging fruit for threat actors to take advantage of, and don’t think your operation is too small to be targeted.
- Raise the bar for third parties. Network security vendors need to build trust with customers to provide security, build resilience, and improve outcomes.
- Preparing for and mitigating cyberattacks requires increased and sustained investments. Hardening industrial networks and building resilience and preparedness require careful planning, resources, and routine upkeep.
Organizations are investing in intrusion detection systems (IDSs) to provide network visibility. IDSs use behavior analytics to understand networks and alert operators to potential abnormalities or cyber intrusions, and are proven to not interfere with industrial operations. An effective IDS is only one feature of a robust cybersecurity solution and only one tool of a mature security program. To help asset owners understand the threat of ransomware and the IDS market, Guidehouse Insights published a 2021 research report, Ransomware and Critical Infrastructure.