manufacturing Archives - Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

manufacturing

53% of manufacturers say operational tech is vulnerable to cyber attack

960 640 Stuart O'Brien

Manufacturing industry security teams are seeing the information technology (IT) and operational technology (OT) environments converging at a rapid pace, but are struggling to safeguard OT assets as they are using the same tools to safeguard their IT infrastructure.

As a result, IT teams can’t keep up with growing volumes of security data or the increasing number of security alerts. They lack the right level of visibility and threat intelligence analysis and don’t have the right staff and skills to handle the cybersecurity workload.

Consequently, business operations are being disrupted and cyber-risk is increasing as more than half of the manufacturing organizations surveyed have experienced some type of cybersecurity incident on their OT systems in the last 12 months taking weeks or months to remediate. 

Those are the conclusions of a report conducted by TrapX Security in partnership with the Enterprise Strategy Group (ESG), which asked 150 cyber and IT professionals directly involved in security strategy, control and operations within manufacturing organisations about their current and future concerns. 

Manufacturing organizations have large and growing investments in IT and OT technology, helping them achieve more agile business processes. As the research reveals, IT and OT integration is fast becoming a best practice. Nearly half (49%) of organisations say that IT and OT infrastructure are tightly integrated while another 45% claim that there is some integration. This integration will only increase as 77% of respondents expect further IT and OT infrastructure convergence in the future. 

However, only 41% percent of organizations employ an IT security team with dedicated OT specialists, while 32% rely on their IT security team alone to protect OT assets. 58% use network technology tactics like IP ranges, VLANs, or microsegmentation to segment IT and OT network traffic. Almost one-quarter (24%) of organizations simply use one common network for IT and OT communications, reducing the visibility and response required for OT-focused attacks.

Common tools and staff may make operational sense, but deploying a plethora of IT security technologies to prepare for the specific threats of OT leaves IT teams unprepared and vulnerable to attack. As illustrated in the research, IT teams are repeatedly overwhelmed by the growing volumes of security data, visibility gaps, and a lack of staff and skills.

Security teams are getting challenged by the growing volumes of security data, and the increasing number of security alerts. 53% believe that their security operations workload exceeds staff capacity. and 37% admitted they must improve their ability to adjust security controls. More than half of surveyed organizations (58%) agreed that threat detection and response has grown more difficult. When asked to provide additional detail on the specific nature of that growing complexity, nearly half (45%) say they are collecting and processing more security telemetry and 43% say that the volume of security alerts has increased.

Manufacturers are still working in the dark though with just under half (44%) citing evolving and changing threats as making threat detection and response more difficult, particularly true as threat actors take advantage of the “fog” of COVID-19.

“The research illustrates a potentially dangerous imbalance between existing security controls and staff capabilities, and a need for more specialized and effective safeguards,” said Jon Oltsik, ESG Senior Principal Analyst and Fellow. “Manufacturing organizations are consolidating their IT and OT environments to achieve economies of scale and enable new types of business processes. Unfortunately, this advancement carries the growing risk of disruptive cyber-attacks. While organizations have deployed numerous technologies for threat detection and response, the data indicates that they are overwhelmed by growing volumes of security data, visibility gaps, and a lack of staff and skills.  Since they can’t address these challenges with more tools or staff, CISOs really need to seek out more creative approaches for threat detection and response.”

As the IT/OT attack surface grows, security teams are spread thinner as they try to keep pace with operations tasks such as threat detection, investigation, incident response, and risk mitigation. 53% agreed that their organization’s OT infrastructure is vulnerable to some type of cyber-attack, while the same number stated that they had already suffered some type of cyber-attack or other security incident in the last 12-24 months that impacted their OT infrastructure. When asked how long it typically takes for their firm to recover from a cyber-attack, 47% of respondents said between one week and one month, resulting in significant and potentially costly downtime for critical systems.

Manufacturing organizations lack the visibility needed for effective threat detection and response – especially regarding OT assets. Consequently, additional security complexity is unacceptable – any new investments they make must help them simplify security processes and get more out of existing tools and staff. 37% said they must improve their ability to see malicious OT activity, 36% say they must improve their ability to understand OT-focused threat intelligence and 35% believe they must improve their ability to effectively patch vulnerable OT assets.

44% of respondents highlighted Deception technology’s invaluable role in helping with threat research (44%), and 56% said that Deception technology can be used for threat detection purposes. More than half of the manufacturing organizations (55%) surveyed use Deception technology today, yet 44% have not made the connection between Deception technology and increased attack visibility.

“This research shows that manufacturing organizations are experiencing real challenges when it comes to threat detection and response, particularly for specialized OT assets that are critical for business operations,” said Ori Bach, CEO of TrapX Security. “This data, and our own experience working with innovators in all sectors of manufacturing, demonstrate there is a clear need for solutions like Deception, which can improve cyber defenses and reduce downtime without the need to install agents or disrupt existing security systems and operations.”

For further insights into the findings, download the full white paper, authored by Jon Oltsik, ESG Senior Principal Analyst and Fellow.

McAfee advocates shared responsibility for cyber security in manufacturing

960 640 Stuart O'Brien

McAfee’s latest Cloud Adoption and Risk Report revealed that between January and April 2020, enterprise use of cloud in the manufacturing industry spiked by 144%, compared to the average overall enterprise increase of 50%.

Likewise, external attacks on cloud accounts increased by 630%, with manufacturing verticals seeing a 679% increase in threats, making it one of the most affected sectors.

A previous report from McAfee – Grand Theft Data II – The Drivers and Shifting State of Data Breaches – revealed that IT security professionals across all sectors, including manufacturing, are still struggling to fully secure their organisation and protect against breaches, with 61% claiming to have experienced a data breach at their current employer

The firm says data breaches are getting more serious and are under greater scrutiny – nearly three-quarters of all breaches have required public disclosure or have affected financial results.

One major issue highlighted in the report is that security technology continues to operate in isolation, with 81% reporting separate policies or management consoles for cloud access security broker (CASB) and data loss prevention (DLP), resulting in delayed detection and remediation actions.

Mo Cashman, Principle Engineer at McAfee, has outlined key issues with this approach and how they can be addressed:

Why is collaboration and shared responsibility important for improving overall governance in the manufacturing industry?

“We often see blurred lines when it comes to responsibility for data security, cybersecurity and compliance in the manufacturing space. Unfortunately, lack of clarity about who owns what as part of a shared responsibility model means Information Technology (IT) and Operational Technology (OT) convergence is increasing cyber risk. For example, IT systems are used on the OT side, giving OT teams some level of responsibility for managing data security and governance. However, a combination of differing systems and policies as well as lack of transparency between teams can make it challenging to manage security as a whole. This challenge is further compounded because shared responsibility must also factor in the supply chain, and suppliers often bring their own security controls into the mix through the installation of their own devices. 

“By implementing a shared responsibility model, teams can come together and create full visibility of who is responsible for each piece of the puzzle – for example, handling security at system and programming levels. This can ensure that the right controls are adopted where they are needed, while providing an encompassing view of security systems across the organisation.  

“With a collective understanding of risk and responsibility between IT, OT and the supply chain, organisations are moving their security posture and data governance up one level. A good example of this already in practice is the cloud: as organisations become increasingly aware of their role in the shared responsibility model to secure the cloud, they are becoming more aware of their risk levels and able to manage these more effectively.” 

What are the potential consequences for manufacturers that fail to implement  a shared responsibility model across IT/OT/supply chain?

“Failure to adopt a shared responsibility model across IT, OT and the supply chain can leave manufacturers with unnecessary expenses, higher risks and weakened security. From a cost perspective, organisations could be paying for additional but unnecessary security licensing and monitoring. Without clarity on which tools are already in use across IT and OT teams, organisations will not only face challenges with interoperability but they’ll risk doubling up on tooling and training costs. Instead, taking a more holistic approach of the organisation as a whole will enable IT and OT teams to decide where responsibility lies and lower costs. For instance, OT teams have very specific requirements and expertise. While overall monitoring to collect and understand data might sit with IT, OT can layer on context for specific alerts based on their expertise. Taking a collaborative approach where everyone’s responsibility is clear will enable organisations to streamline processes and limit unnecessary costs.

“Ultimately, a key consequence of failing to adopt a shared responsibility model is a higher level of risk and poorer overall security. Without clear dividing lines on responsibility and a collaborative approach, IT will not have the comprehensive view of systems required to keep track of all data and potential threats. As a result, pockets of vulnerable systems are likely – falling through the cracks between teams. Limited visibility means limited security. 

“This security issue is compounded in the manufacturing sector as the type of vulnerabilities impacting IT systems are often very different to those impacting OT. While lots of research exists around IT threats, less research is available on the OT side. Given that OT systems are usually lightweight and could be prone to damage if too much traffic is thrown at them, vulnerability discovery can be challenging. The combination of limited research and levels of system vulnerability which are harder to uncover means manufacturers can easily find themselves exposed to cyberattacks if a shared responsibility model is not employed.” 

What current factors are driving manufacturing organisations to reconsider their current set-up and move to a shared responsibility model?

“Faced with uncertainty and confusion about what the ‘new normal’ will look like has meant business leaders are thinking about resilience more than ever. In doing so, they’re considering their enterprise as a whole – moving away from a more siloed view. For manufacturers, future resilience depends on their systems remaining up and, importantly, secure. This requires business leaders to think more closely about the role that people, process and technology play. When considering a return to normality, organisations are wondering how they would deal with cybersecurity challenges if staff are working remotely, or how they could operate more flexibly to adjust as restrictions ease and tighten in response to the rate of virus transmission in future. Taking this holistic view of the whole organisation inevitably starts to break down barriers between teams and puts the shared responsibility model front and centre.”

What benefits will shared responsibility bring to the future of the manufacturing space?

“Firstly, shared responsibility allows manufacturing organisations to leverage expertise where it lies. For example, while IT teams have a centralised view and understanding of IT risks, they should collaborate with OT teams for industry context as required. Collaboration here will allow for quicker identification and investigation of alerts, reducing response time as teams both detect and mitigate threats more quickly.

“In the manufacturing sector particularly, safety is an important benefit of adopting a shared responsibility. Improved security, via a shared responsibility model, will help teams to uncover security risks before they have major consequences for customers. What’s more, if OT, IT and the supply chain work together, teams will be able to identify new security boundaries and reduce future risk.”

McAfee has also outlined practical steps that manufacturers can take:

·       Elect a governance committee. Creating a committee that includes individuals across IT, OT and the supply chain is vital. It can remove silos and provide a consolidated view of risk across the business as a whole. 

·       Conduct regular audits. Running audits across both IT and OT is key to ensuring visibility across systems, as well as opening doors to question processes and systems. What systems are out there? Who are the suppliers? What SLAs/security contracts are in place? Through these audits, teams can identify risks, kick-start contractual discussions with suppliers and agree the process to mitigate vulnerabilities before they occur.  

·       Start with monitoring. Increasing overall levels of monitoring will provide greater visibility. This monitoring should go hand-in-hand with implementing threat detection capabilities and the response plans that go with them. Ultimately, response times can be reduced if IT and OT teams understand their roles and responsibility in the process. 

·       Asses the overall security architecture. Fostering a more holistic view of the current enterprise set-up and how this maps with existing security standards is crucial. If IT and OT teams use different models to meet different criteria, manufacturers should aim to bring these models together into one consolidated enterprise view of cyber risk. 

·       Create a security awareness programme. By implementing a security awareness and readiness programme, organisations can ensure that all teams are educated on security procedures and are actively involved in maintaining them. This programme should include everyone from end users to OT engineers, and all the way up to executive level, in order to ensure that all areas of the manufacturing process are covered.

UK’s manufacturing sector facing COVID-19 cyber threats

960 640 Stuart O'Brien

Manufacturing is now the most attacked sector representing almost a third of all cyber attacks in the UK & Ireland, while Technology was the most attacked sector globally.

That’s according to the 2020 Global Threat Intelligence Report (GTIR) from NTT, which says that despite efforts to layer up defences, many organisations are unable to stay ahead of attackers, while others are struggling to do the basics like patching old vulnerabilities. 

NTT asserts that manufacturing increasingly faces financially motivated data breaches, global supply chain risks and risks from unpatched vulnerabilities. The UK was the only country (apart from Hong Kong) this year where Manufacturing topped the list of most attacked sectors, representing 29% of all attacks, with Technology (19%) second and Business and Professional Services (17%) third. Government and Finance made up the other two sectors in the top five. 

Reconnaissance attacks accounted for half of all hostile activity in the UK and Ireland, with web application the next most common form of attack (22%). Reconnaissance activity (60%) was also the most common attack type against manufacturers followed by web application attacks (36%).

Rory Duncan, Security Go-to-Market Leader, NTT, said: “UK manufacturing has become a major target for attackers in recent years as a result of the increased risks brought about from the convergence of IT and Operational Technology (OT). The biggest worry is that security has lagged behind in this sector, potentially exposing systems and processes to attack. Poor OT security is a legacy issue; many systems were designed with efficiency, throughput and regulatory compliance in mind rather than security. In the past, OT also relied on a form of ‘security through obscurity’. The protocols, formats and interfaces in these systems were often complex and proprietary and different from those in IT systems, so it was difficult for attackers to mount a successful attack. As more and more systems come online, hackers are innovating and see these systems as ripe for attack.

“Now more than ever, it’s critical for all organisations, regardless of sector or region, to pay attention to the security that enables their business; making sure they are cyber-resilient and secure-by-design, which means embedding privacy and security into the fabric of their enterprise architecture and organisational culture. The current global pandemic and the flow of trusted and untrusted information used to mask the activities of cyber criminals has shown us that they will take advantage of any situation. Organisations must be ready to respond to these and other threats in a constantly evolving landscape.”

The 2020 Global Threat Intelligence Report calls last year the ‘year of enforcement’ with the number of Governance, Risk and Compliance (GRC) initiatives growing, creating a challenging global regulatory landscape. Several acts and laws now influence how organisations handle data and privacy, including the General Data Protection Regulation (GDPR), which has set a high standard for the rest of the world. The report provides organisations with recommendations to help navigate compliance complexity, including identifying acceptable risk levels, building cyber-resilience capabilities and implementing solutions that are secure-by-design.

The 2020 GTIR – the eigth annual report – analyses and summarises trends based on log, event, attack, incident and vulnerability data from trillions of logs and billions of attacks. To learn more about how this year’s GTIR offers organisations a robust framework to address today’s cyber threat landscape, and to learn more about the emerging trends across different industries and regions, including the Americas, APAC and EMEA, follow the link to download the NTT Ltd. 2020 GTIR

Global Highlights: 2020 Global Threat Intelligence Report:

  • Most common attack types accounted for 88% of attacks: Application-specific (33%), web application (22%), reconnaissance (14%), DoS/DDoS (14%) and network manipulation (5%) attacks.
  • Weaponisation of IoT: Botnets like Mirai, IoTroop and Echobot have advanced in automation, improving propagation capabilities. Mirai and IoTroop are also known for spreading through IoT attacks, then propagating through scanning and subsequent infection from identified hosts.
  • Old vulnerabilities remain an active target: Attackers leveraged those that are several years old, but have not been patched by organisations, such as HeartBleed, which helped make OpenSSL the second most targeted software with 19% of attacks globally. A total of 258 new vulnerabilities were identified in Apache frameworks and software over the past two years, making Apache the third most targeted in 2019, accounting for over 15% of all attacks observed.
  • Attacks on Content Management Systems (CMS) accounted for about 20% of all attacks: Targeting popular CMS platforms like WordPress, Joomla!, Drupal, and noneCMS, cyber criminals used them as a route into businesses to steal valuable data and launch additional attacks. Additionally, more than 28% targeted technologies (like ColdFusion and Apache Struts) support websites.