
Secure Manufacturing Against Four Top Cyber Risks

March 6, 2024

Author: Chase Snyder, Sr. PMM, Xage Security

The manufacturing sector has increasingly become a prime target for cyber threats, with manufacturers' critical infrastructure facing a growing number of cyberattacks. These attacks are not only becoming more frequent but also more sophisticated, causing substantial financial and operational damage. Manufacturers accounted for over 30% of all cyber extortion attacks in 2023, according to one report. The cost and damage of these cyberattacks can be staggering, both in terms of direct financial losses and long-term reputational harm. An attack on Clorox in 2023 cost over $300 million to remediate, and impacted production and product availability for at least a month.

In navigating these cyber threats, it is crucial to understand several key sources of risk to manufacturing organizations and to implement effective security solutions. Four major vectors of cybersecurity risk in manufacturing are:

  • Human error and insider threats
  • Vulnerable legacy remote access systems and “backdoor VPN”
  • Third-party contractor access and unmanaged devices
  • Supply chain vulnerabilities

Human Error and Insider Threats to Manufacturing Plant Security

Human error and insider threats pose significant cybersecurity challenges. Employees can inadvertently introduce risks by falling victim to phishing attacks or mishandling sensitive information. Additionally, malicious insiders can intentionally compromise systems, causing substantial damage.

The Clorox Company suffered a major cyberattack that affected production and ultimately resulted in a drop in their stock price, costing the company an estimated $350m. The attack is suspected to have started with a social engineering scheme that gave the attackers access to legitimate user credentials inside Clorox networks.

A zero trust access solution can mitigate these risks by implementing identity-driven access control and continuous verification. This ensures strict control over access to critical assets, automatically revokes access upon employee termination, and detects suspicious activities in real time, mitigating the risk of both human error and insider threats.

Vulnerable Legacy Remote Access Systems and “Backdoor VPN”

Many manufacturers rely on legacy systems that may not be regularly updated, making them vulnerable to cyberattacks. 2024 has already seen a flood of new vulnerabilities exposed in legacy VPNs such as Ivanti and Cisco ASA. These systems can have known vulnerabilities that are easily exploited by cybercriminals. Manufacturers are also often exposed to cyber risk through their technology providers, who require remote connectivity or “backdoor VPN” access to monitor and maintain the production line equipment they provide. These unmanaged connections can provide a vector for cyberattackers to gain initial access.

Zero trust access controls and granular credential management can enhance the security of these systems by overlaying additional security controls. Multi-factor authentication, role-based access controls, and zero trust microsegmentation can prevent a vulnerable legacy system from causing undue exposure throughout a manufacturing environment. This approach fortifies defenses against vulnerabilities in outdated or unpatched systems.

Third-Party Contractor Access and Unmanaged Devices

Manufacturers often rely on service providers and contractors to conduct maintenance on the technology they provide, or to optimize production processes. These contractors may need to use specialized software on their own laptops, which they bring directly into the manufacturing plant without being subject to the same security policies as in-house devices. Severe ransomware attacks have resulted from infected laptops being brought directly into manufacturing environments, bypassing security controls. It is easy to say “just don’t let contractors bring their own laptops,” but things are not that simple. Manufacturing contractors or service providers often need very specific client-server type software that is installed on their own laptops, so the only way to conduct needed maintenance is to allow them to connect to industrial control systems. New technology is now enabling these client-server applications to interact remotely through a secure mesh, and rapid adoption is needed to secure these critical environments.

While many organizations attempt to improve manufacturing plant security by enforcing separation or an “air gap” between IT and OT systems, these protections often only work in one direction. Malware that is first introduced in the manufacturing plant itself can still propagate out into the broader enterprise IT environment.

A combination of Remote Privileged Access Management (RPAM) and zero trust microsegmentation can limit the ability of third parties and unmanaged devices to introduce risk into the environment in two ways:

  1. Zero trust microsegmentation prevents lateral movement within the initially compromised manufacturing plant, and stops self-propagating malware from jumping from OT into IT, or from IT into OT.
  2. RPAM enables manufacturers to allow third-party access while restricting that access to only the necessary devices, and enforcing granular policies about what actions the third party may take on the devices they access.

Supply Chain Vulnerabilities and Cyber Risk

Manufacturers are part of extensive supply chains and often share data with suppliers and partners. Parts suppliers in the manufacturing industry have unusually robust integration into the systems of manufacturers they supply. Cyberattacks on any part of this chain can compromise the entire network. Toyota’s 2022 production shutdown in Japan due to a cyberattack on one of its suppliers is a prime example of the ripple effects an attack on a supplier can have on manufacturing plant security, ultimately impacting production and costing the business millions.

An effective implementation of the principle of least privilege and more stringent access control could have ensured secure, controlled connectivity between Toyota and its suppliers, and prevented malware propagation from the supplier to Toyota’s systems.

Zero Trust Is A Must for Secure Manufacturing

In the face of escalating cyber threats, manufacturers must prioritize robust cybersecurity measures. Xage provides zero trust cybersecurity for manufacturers, delivering technical capabilities that can play a pivotal role in mitigating these risks. By focusing on areas such as access control, real-time monitoring, and comprehensive security solutions, manufacturers can strengthen their defense against the diverse range of cyber risks they face today.