
How to Reduce Exposure to Manufacturing Attack Surfaces
Digitization initiatives connect once-isolated Operational Technology (OT) environments with their Information Technology (IT) partners. This digital transformation of the factory floor has accelerated the connection of machines to digital systems and data. Computer systems for managing and monitoring digital systems and data have been added to the hardware and software used to manage and monitor industrial devices and machines, connecting OT to IT.
Such connectivity increases productivity, reduces operational costs and speeds up processes. However, this convergence also increases organizational security risks, making manufacturers more vulnerable to attacks. In fact, in 2022 alone, there were 2,337 manufacturing system security breaches, 338 with confirmed data disclosure (Verizon DBIR Report 2022).
Ransomware: A Growing Threat to Manufacturers
The nature of attacks has also changed. In the past, attackers might be driven by espionage, targeting manufacturing companies to steal Intellectual Property (IP) and secrets. Today, however, ransomware attacks and attacks involving stolen credentials are much more common.
In 2022, manufacturing was the most targeted sector for ransomware attacks, seeing an 87% increase in ransomware attacks from the previous year. This is due to manufacturing's aversion to downtime. Or as Verizon put it in their 2022 Data Breach Industry Report, manufacturing is "an industry where availability equals productivity."
Despite understanding the risks, many manufacturing companies were not ready for an attack. According to the Safety Scorecard, 48%, nearly half, of the manufacturers reviewed scored a C, D, or F in security. This comes at a cost: the average cost of a critical infrastructure data breach is $4.82 million, according to IBM's "Data Breach Costs" report.
Recent high-profile incidents such as the ransomware attack on the Dole Company, one of the world’s largest fruit and vegetable producers, have demonstrated how crippling these attacks can be. The company was forced to temporarily close its production facilities in North America.
In August, two companies based in Luxembourg were attacked with ransomware. The attacker took down the customer portal and extracted data from the system. And of course, there is the infamous Colonial Pipeline incident, an example of a cyber attack on critical infrastructure. These are just a few examples, and there are many more.
What can manufacturers do to protect themselves?
5 Steps Manufacturers Can Take Today to Reduce Attack Surface Exposure
Reducing the risk of cyber attacks is critical to ensuring the factory floor continues to operate, uninterrupted. Here are five steps manufacturers like you can take to reduce cybersecurity risks:
1 — Test Again and Again
Regularly testing and assessing your organization’s network and infrastructure gives you real-time visibility into your security posture. By testing and then testing again (and again) you will be able to identify real vulnerabilities that could be exploited by attackers. You will also be able to evaluate the effectiveness of your security controls and identify areas for improvement so you can customize your program and security stack. This will also give you a competitive advantage, because by preventing attacks you can ensure you are always productive and proactively eliminate downtime.
Use industry-standard frameworks such as MITRE ATT&CK and OWASP to ensure you are testing the most common attack types and techniques.
2 — Automate Your Security Process
Automation enables optimal use of time and resources. These efficiencies help streamline your efforts and reduce the time and effort needed to identify and respond to security threats. Therefore, it is advisable to automate the security measures you take. For example, automate your network testing.
Automation also creates standardization, consistency and accuracy, which helps prevent errors. As a result, you will be able to scale and increase the scope of your security practices in a cost-effective way. In addition, automated systems are often easy to use, allowing control at the click of a button. This allows any user to identify risks easily, by letting the platform do the work. When choosing your automation tools and platforms, make sure they are designed to be secure. Implement a reliable, downtime-free solution.
3 — Take the Enemy’s Perspective
While no one thinks "like a manufacturer" better than you, when it comes to security it's time to put your "attacker hat" on. Hackers are looking for any way to exploit your network, and they don't wait for guidelines to do it. Try to think outside the box and apply different perspectives and methods of analysis. Thinking like a hacker is the best offense you can mount.
By taking an adversarial perspective, you can proactively identify vulnerabilities and weaknesses through attack chain validation and mitigate them before they are exploited. In the long term, thinking like an attacker can help you develop a better security strategy that minimizes the likelihood of an attack, or its blast radius if one occurs.
4 — Prioritize Patching Based on Actual Risk
Prioritizing vulnerability fixes based on business impact is the most cost-effective way to reduce risk and reduce exposure to cyber attacks. Get started by patching the critical vulnerabilities and threats, identified through evidence-based testing, that can have the greatest impact on your business operations. Don't hypothesize: check your test results to see which security holes created a "kill chain" with real impact for you, and remediate those first.
Prioritization also helps eliminate the "noise" caused by too many security alerts. Even small companies have an unmanageable number of warnings from security tools that they need to resolve.
5 — Benchmark Your Security Posture
By continuing to test your attack surface regularly and frequently, you can continuously gauge your security posture. This helps improve security in a number of ways:
- Measure the effectiveness of your security measures against industry standards and best practices.
- Indicate areas of improvement that are the result of successful remediation.
- Demonstrate compliance with regulations and industry standards.
- Gain valuable insights into your security posture and strategy so you can make more informed decisions.
How Automatic Security Validation Helps Manufacturers
Automated Security Validation programs provide context and accuracy when validating an organization's attack surface. With minimal setup, requiring no agents or pre-installation, security and IT teams in manufacturing companies can safely challenge their full attack surface to pinpoint the most damaging security holes, just like real-life attackers do. This allows teams to significantly scale security efforts and minimize exposure to the IT-OT attack surface.
Visit pentera.io to learn more about Automatic Security Validation.