Manufacturers remain a prime target for cyber-crime. Trevor Dearing at Illumio considers how they can boost resilience.
Cyber-attacks remain a risk to every business but cyber-criminals have their favourite targets – those seen as more vulnerable or offering the highest return on their attack.
A recent report by the World Economic Forum found that manufacturing is the most targeted industry for the second year running. Time-sensitive operations and intricate supply chains render manufacturers particularly vulnerable to disruptive attacks like ransomware, and research indicates the average ransom payments across the industry are over $2m per incident.
So why are manufacturers a favourite target for cyber-crime? And how can they strengthen resilience against increasingly sophisticated attacks?
Rapid digital transformation increases risk
Most cyber-attacks are highly opportunistic, with threat actors looking for the easiest path to the greatest rewards.
The sector has seen extensive digital transformation in recent years, with the digitisation and automation of manual and analogue operations to boost productivity and drive efficiency.
The attack surface is also increasing as more devices are connected and more systems migrated to the cloud. The convergence of traditional IT and operational technology (OT) is also introducing new risks, as these older legacy systems are now exposed to digital threats they were never designed for.
Manufacturers are also highly vulnerable to supply chain risk. With a vast array of partners, suppliers, and service providers, there are countless connections that threat actors can exploit to sidestep network defences.
In a recent example, a serious ransomware attack hit leading chip manufacturer Taiwan Semiconductor Manufacturing Company (TSMC). The company says the attack originated with a third-party system integrator, Kinmax Technology. Reports suggest that the notorious LockBit ransomware gang is behind it, demanding $70m to restore systems and return stolen sensitive data.
Fragmented industry collaboration
The nature of the manufacturing supply chain also empowers gangs to demand higher ransoms, knowing the pressure their victims face. Maintaining operational uptime is critical, with every delayed shipment leading to spiralling costs. Fields such as technology and automotive production are highly sensitive to interruption, with a single disrupted supplier causing a cascade of issues that can hit global markets.
Despite this level of interconnectivity, the manufacturing sector also lacks unity around cyber-threats. Companies driven by competitive interests often operate in silos, reluctant to share information that could collectively strengthen industry-wide cyber-resilience. This fragmented landscape creates inconsistencies in security measures, making the entire sector more susceptible to attacks.
An "assume breach" philosophy may be the answer
With such large and complex IT estates, manufacturers have little chance of entirely proofing their infrastructure against attack. Instead, manufacturers must adopt an "assume breach" mindset: one which accepts that breaches are inevitable and focuses on minimising impact through breach containment.
While detecting and preventing threats remains essential, being prepared to isolate and contain attacks that make it through can significantly reduce downtime and financial loss by limiting the post-breach damage.
This is particularly effective against attacks like ransomware, which thrive on moving fast and causing maximum disruption. Preventing malware from spreading ensures manufacturers can weather the attack without suffering the serious disruption threat actors are counting on.
Asset-based approach with Zero Trust Segmentation
The Zero Trust model is an increasingly popular strategy for manufacturers looking to improve their resilience. Unlike traditional methods that rely on perimeter defences, Zero Trust operates on the premise of "never trust, always verify" and assumes that threats can originate from anywhere—even within the organisation.
By enforcing strict access controls and continuously monitoring connectivity, this approach provides granular security that adapts to evolving threats.
A key component of Zero Trust is Zero Trust Segmentation (ZTS), also known as micro-segmentation. This focuses on identifying the risk for each individual resource and then applying controls as required to protect that resource. This makes for a simpler and more agile approach to security, allowing organisations to respond more quickly and effectively to an attack.
Crucially, Zero Trust Segmentation works on allowing the good rather than spotting the bad. This means there will be no barrier to, say, OT hardware communicating with industrial control systems using the expected protocols – but instead it will deny access to an intruder attempting to exploit this connection.
Implementing ZTS creates an asset-based approach where each system is protected on an individual basis. This prevents attackers from exploiting the scope and complexity of the manufacturing attack surface, and limits the impact to the initial breach point. Intruders will find it far more difficult to achieve lateral movement and access critical systems and data.
ZTS is also easier to manage than traditional security routes, a boon for overstretched IT teams with many other priorities to deal with.
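The "allow the good" model described above can be sketched as a default-deny policy keyed on asset labels rather than network location. This is an added illustration, not Illumio's product logic or code from the article; the addresses, role labels, ports and rules are all constructed assumptions.

```python
# Constructed asset inventory: IP -> role label (all values are made up).
ASSETS = {
    "10.10.1.20": "plc",
    "10.10.2.5": "scada",
    "10.10.2.9": "historian",
    "10.20.0.44": "office-pc",
    "10.20.0.45": "office-pc",
}

# Allow-list of (src_role, dst_role, proto, port). Anything not listed is denied.
ALLOW = {
    ("scada", "plc", "tcp", 502),            # Modbus/TCP polling
    ("scada", "historian", "tcp", 1433),     # process data to the historian DB
    ("office-pc", "historian", "tcp", 443),  # reporting UI only
}

def decide(src_ip, dst_ip, proto, port):
    """Return (verdict, reason) for one flow; unlabelled assets never match."""
    src, dst = ASSETS.get(src_ip), ASSETS.get(dst_ip)
    if src is None or dst is None:
        return "deny", "unlabelled asset"
    if (src, dst, proto, port) in ALLOW:
        return "allow", f"{src}->{dst} {proto}/{port}"
    return "deny", "no allow rule"

def reachable(src_ip):
    """Blast radius: the (ip, port) pairs a compromised host could still reach."""
    role = ASSETS.get(src_ip)
    return sorted(
        (ip, port)
        for (s, d, _proto, port) in ALLOW if s == role
        for ip, label in ASSETS.items() if label == d and ip != src_ip
    )

# Constructed flow records: expected OT traffic, then lateral-movement attempts.
FLOWS = [
    ("10.10.2.5", "10.10.1.20", "tcp", 502),   # SCADA polls the PLC
    ("10.20.0.44", "10.10.1.20", "tcp", 502),  # office PC tries to talk Modbus
    ("10.20.0.44", "10.20.0.45", "tcp", 445),  # workstation-to-workstation SMB
    ("192.0.2.77", "10.10.2.5", "tcp", 3389),  # unknown host tries RDP to SCADA
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, decide(*flow))
    print("office-pc blast radius:", reachable("10.20.0.44"))
```

The `reachable` output is the containment argument in miniature: a compromised office PC is left with a single permitted destination instead of the whole flat network.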
Maintaining operations during a breach
The cyber-threat shows no sign of slowing down and all manufacturers must take steps to safeguard operations. However, a robust cyber-security posture extends beyond technology and is deeply rooted in organisational culture. Manufacturers must invest in regular training programmes that educate employees on the latest cyber-threats and preventive measures.
But education alone isn’t enough. A culture of cyber-resilience encourages employees to take ownership of security, viewing it not as a hurdle but as an integral part of their daily operations.
Manufacturers must recognise the value of collective security and initiate platforms for information sharing. Whether it’s threat intelligence or best practices, shared knowledge empowers the entire sector to elevate its cyber-resilience. Industry associations can play a pivotal role here, acting as neutral grounds for collaboration and standard setting.
The manufacturing sector faces complex cyber-threats exacerbated by rapid digital transformation. However, these challenges are not insurmountable.
By adopting an assume breach philosophy, embracing asset-centric strategies like Zero Trust Segmentation, and fostering industry collaboration, manufacturers can strengthen their resilience against threat actors expecting easy prey.
Trevor Dearing is Director of Critical Infrastructure at Illumio
© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543