The manufacturing industry’s security epidemic needs a zero-trust cure  

January 30, 2023 Windstream Enterprise 6 min

Editor’s Note: The manufacturing industry is facing a serious epidemic of ransomware-related cyber assaults as one in four attacks currently target manufacturers, costing the industry millions in revenue and lost production time. Manufacturing leads all industries in cyberattacks for many reasons, including supply chains that act as ransom multipliers, limited visibility over supply networks, industrial control systems’ (ICS) focus on production over security and significant gaps between IT and evolving cybersecurity technology. Many believe today’s manufacturers must pursue zero-trust network access (ZTNA) solutions in 2023 despite frequent capability misrepresentation by vendors and product implementation challenges.

NIST provides a helpful list of resources that recommend security teams establish a solid ZTNA framework with identity access management as a core component early on. Security must also emphasize endpoint protection by using cloud-based endpoint protection platforms (EPP), strict multi-factor authentication enforcement on endpoints and remote browser isolation (RBI) for extra security.


Manufacturing tech traditionally has been designed more for speed and efficiency than for security, and cyber attackers are finding myriad ways to exploit this vulnerability—including ransomware incidents bringing damage that can run into the millions.

Manufacturers’ tech stacks and industrial control systems (ICS) were designed to deliver speed and transaction efficiency first, with security as a secondary goal. Nearly one in four attacks targeted manufacturers in the last year. Ransomware is the most popular attack strategy, and 61% of breaches targeted operational technology (OT)–connected organizations.

IBM Security’s X-Force Threat Intelligence Index 2022 states that, “Vulnerability exploitation was the top initial attack vector in manufacturing, an industry grappling with the effects of supply chain pressures and delays.”

Cyberattacks are a digital epidemic sweeping manufacturing, costing businesses millions in revenue and hours of lost production time. Manufacturing accounted for 68% of all industrial ransomware incidents in the third quarter of this year. On top of that, Dragos discovered that manufacturers suffered seven times more industrial ransomware incidents than the food and beverage industry. Forty-four percent of manufacturers had to temporarily shut their production lines down due to a cyberattack earlier this year.

Why manufacturing is the top target 

Threat actors see supply chain attacks as ransom multipliers that can generate millions of dollars in just days. That’s because disrupting manufacturing supply chains strikes at the heart of a manufacturer’s ability to meet customer orders and grow revenue. Many manufacturers quietly pay the ransom because they have no other choice.

Another reason manufacturers are a top target is that their tech stacks are often built on legacy ICS, OT and IT systems that were streamlined for production speed, shop floor efficiency and process control—with security often a secondary priority.

Limited visibility across OT, IT, supply chain and partner networks is another primary reason manufacturers are getting breached so often. Trend Micro found that 86% of manufacturers have limited visibility into their ICS environments, making them an easy target for a wide variety of cyberattacks. A typical ICS is designed for process optimization, visibility and control. As a result, many have limited security in place. 

Most ICS systems rely on air gaps as the first line of defense. Ransomware attackers are using USB drives to deliver malware, jumping the air gaps that industrial distributors, manufacturers and utilities rely on for that first line. Additionally, 79% of USB attacks can potentially disrupt the operational technologies (OT) that power industrial processing plants, according to Honeywell’s Industrial Cybersecurity USB Threat Report, 2021.

One primary reason why manufacturers are getting breached so often is their limited visibility into their ICS environments.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert earlier this year warning of attacks targeting ICS and SCADA devices.

The average damage from a manufacturing breach is $2.8 million. 89% of manufacturers who have suffered a ransomware attack or breach have had their supply chains disrupted.

Many manufacturers targeted by ransomware attacks have either had to temporarily cease operations to restore data from backup or chosen to pay the ransom.

Pursuing zero trust: A must for manufacturers   

The manufacturing industry must overcome the misconception that Zero-Trust Network Access (ZTNA) frameworks are expensive, time-consuming and technologically challenging to implement.

When choosing a solution, IT must be aware that cybersecurity vendors sometimes misrepresent their zero-trust capabilities, often confusing potential clients about what’s needed and what the vendor’s offering can do. NIST provides a series of cybersecurity resources for manufacturers.

Start with multifactor authentication (MFA) across every endpoint

Improving endpoint security is crucial for manufacturers, as every transaction they rely on to receive and fulfill orders passes through endpoints. Forrester’s report The Future of Endpoint Management defines the six characteristics of modern endpoint management challenges.

Andrew Hewitt, the report’s author, told VentureBeat that when clients ask what’s the best first step they can take to secure endpoints, he tells them that “the best place to start is always around enforcing multifactor authentication. This can go a long way toward ensuring that enterprise data is safe. From there, it’s enrolling devices and maintaining a solid compliance standard with the UEM tool.”

ZTNA frameworks need to start with endpoints

Unfortunately, most mid-tier manufacturers’ IT staffs are already short-handed, making defining and implementing a ZTNA framework a challenge. A business case to pursue ZTNA-based endpoint security must be based on measurable, quantifiable outcomes. Cloud-based endpoint protection platforms (EPPs) provide an efficient on-ramp for enterprises looking to get started quickly. EPPs also increasingly support self-healing endpoints.

Within a ZTNA framework, certain security activities can happen without human intervention.

Self-healing endpoints shut themselves off; re-check all OS and application versioning, including patch updates; and reset themselves to an optimized, secure configuration. All these activities happen without human intervention. 

A manufacturer’s security perimeter is identities and data

Every identity is a new security perimeter in the supply chain, across sourcing networks, service centers and distribution channels. Manufacturers need to adopt a ZTNA mindset that sees every human and machine identity outside their firewalls as a potential threat surface. That’s why, for manufacturers just starting with a ZTNA framework, finding a solution with Identity and Access Management (IAM) integrated as a core part of the platform is a good idea, and it’s essential to get IAM right early. 

Remote browser isolation (RBI) solves manufacturers’ challenges in securing internet access

RBI is a perfect solution for manufacturers pursuing a ZTNA-based approach to protecting every browser session from intrusions and breach attempts. RBI doesn’t force an overhaul of tech stacks; it protects them, taking a zero-trust security approach to browsing by assuming no web content is safe.

Leaders in RBI include Broadcom, Forcepoint, Ericom, Iboss, Lookout, NetSkope, Palo Alto Networks and Zscaler. Ericom is noteworthy for its approach to zero-trust RBI by preserving the native browser’s performance and user experience while hardening security and extending web and cloud application support.

The future of zero trust in manufacturing 

Cyberattackers have learned to target manufacturing businesses for maximum impact, asking for millions of dollars in ransom payments to return data and operable systems. Locking up a supply chain with ransomware is the payout multiplier attackers want because manufacturers often pay up to keep their businesses operating. That’s why the manufacturing industry needs to consider how to move quickly on zero trust. With every identity a new security perimeter, manufacturers must make ZTNA a priority going into 2023.

This article was written by Louis Columbus from VentureBeat and was legally licensed through the Industry Dive Content Marketplace.

The time is now for manufacturers to embrace a zero-trust mindset and prepare for success by leveraging the latest cloud-optimized technology, like Secure Access Service Edge (SASE), from Windstream Enterprise.


Key Takeaway
Manufacturers need to make implementing zero-trust network access frameworks an immediate priority as cyberattackers continue to devise ways to exploit security vulnerabilities for maximum impact.
