The FBI recently issued its annual Internet Crime Report documenting the top cyber complaints from the past year. Manufacturing ranked second among critical infrastructure sectors most commonly victimized by ransomware attacks.
Recently, Deloitte also noted the increase in cybercrime against manufacturers in its Global Cyber Executive Briefing. The report details that manufacturers are increasingly targeted not just by traditional malicious actors such as hackers and cyber-criminals, but also by competing companies and nations engaged in corporate espionage. Motivations vary from seeking money to attempts to gain competitive advantage and strategic disruption.
In the Deloitte report, analysts explained that many existing manufacturing systems were developed at a time when security was much less of an issue. “The focus of manufacturing technology has traditionally been on performance and safety, not security,” analysts said in the report. “This has led to major security gaps in production systems.”
We caught up with Perez-Etchegoyen to look further into the cyber vulnerabilities that manufacturers face.
Design News: Why manufacturers? Are they particularly vulnerable?
Perez-Etchegoyen: The diversity of the environments that are typically deployed across the organizations within the manufacturing industry leads to significant security gaps that are exploited by ransomware gangs. We are talking about corporate networks with traditional protections, as well as manufacturing plants and industrial locations with widespread OT networks that may have very diverse levels of security across the board.
DN: Is it because they are quick to pay off the ransom to avoid downtime?
Perez-Etchegoyen: Downtime does become critical in the manufacturing world. Revenue is dependent on being able to operate the plants and ransomware tends to be very destructive, causing significant downtime that translates into significant losses for organizations. That is why, in many cases, manufacturing organizations prefer to pay the ransom in an attempt to restore operations with the lowest possible downtime.
DN: Does it have to do with the conflict between IT and OT priorities?
Perez-Etchegoyen: That definitely contributes. The levels of investment and security protections that organizations deploy on IT networks are way more advanced than whatever is ultimately deployed across the OT networks. The devices connected to OT networks are not managed with security as a priority, but with availability as a driver for productivity, generating a conflict when there are required downtime windows to perform improvements or apply security patches.
DN: What are some of the solutions?
Perez-Etchegoyen: We could try to bring a sophisticated plan to life, but the reality is that the solution starts with basic hygiene. That means applying security patches across the board, managing security configurations, and implementing the principle of assigning the least privilege. If we think about the 80-20 rule (20% of the work generating 80% of the outcomes), those three security measures would probably get you pretty close to that 80% threshold.