03 April, 2023
Technological change is driving the manufacturing sector to reevaluate its cybersecurity approach. This is true for both information technology (IT) and operational technology (OT) infrastructure. More than ever, these two infrastructures must be tightly coupled. For those running legacy ERP and IT systems, the cybersecurity challenges are different, but no less pressing. These businesses are often unable to patch systems because of stability concerns, and their systems frequently lack basic cybersecurity features such as user authentication or encryption.
Regardless of the age of infrastructure, a complete integration of IT with OT is nearly always the path forward to greater cybersecurity.
What types of cyber-attacks are manufacturers facing?
According to a report by the cyber insurance company Allianz, cyber-attacks against critical infrastructure are more likely to target infrastructure control systems than attempt to steal data. A survey of critical infrastructure suppliers showed that 54% reported attempts to control systems, and 40% had experienced attempts to shut down systems.
Manufacturers are vulnerable to attacks designed to cause extended operational downtime. They are also highly sensitive to the loss of trade secrets and customer data. This is especially true for manufacturers working in the Defense Industrial Base (DIB) sector.
In addition, manufacturers have seen an increase in remote workers, in an industry that is unaccustomed to large swaths of their workforce working remotely. Remote workers are particularly vulnerable to phishing attacks, which can become a vector for ransomware attacks. Ransomware locks down data until a ransom is paid. For a manufacturer, that is analogous to locking down the production line.
A study conducted by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) found that over a 12-month period, 40% of the manufacturers surveyed had operations affected by a cyber incident. Of those affected, 87% suffered unauthorized access to infrastructure; 86% experienced operational disruptions; and 85% experienced intellectual property theft.
Manufacturers must maintain highly dispersed and diverse infrastructure and supply chains. This makes it difficult to keep a real-time inventory of their OT/IoT devices and systems, yet such an inventory is the minimum requirement for developing a baseline cybersecurity strategy for OT and IT systems. Manufacturers must be able to monitor their network state in real time and understand how their devices normally behave.
What can manufacturers do to protect themselves?
The ability to detect bad actors in real time is key to preventing operational disruptions. ICG's endpoint monitoring, combined with a full-time Security Operations Center (SOC) that watches all endpoints and perimeters around the clock, provides that capability.
In addition, ICG recommends nine essential components to protect your business. Our list evolves as the cybersecurity landscape evolves. We list our recommendations on our Cybersecurity Approach page.
Real World Examples:
Compromised, Remediated, and an Expensive Weekend
ICG receives multiple calls in a quarter from manufacturers that have been compromised. Late last year we had a call from an organization with two anti-malware products installed, zero monitoring, minimal maintenance, and network challenges. Our SOC and Security team quickly contained and remediated the issue over a three-day weekend. We got them back up and running to resume normal manufacturing operations. This was an expensive lesson. Had our SOC toolset and monitoring been in place, the event would never have happened (or, at a minimum, would have been instantly contained to one device).
Detect, Investigate, Remediate
A customer running our DataGuard365 endpoint security/SOC monitoring and remediation had an event on a workstation. ICG was on site that day performing some systems maintenance. The person ran to find our team, panicking about what might be going on with her workstation. Unknown to her, by the time she ran down the hall to alert us, ICG's DG365 SOC had contained, remediated, and restored her workstation to full operation.
Why ICG for cybersecurity?
Our team of experts is well-versed in both manufacturing and technology. This means we understand the unique cybersecurity challenges facing manufacturers today. We have seen many times where people rely only on SentinelOne or CrowdStrike to protect the business. That is better than nothing, but software alone only catches about 45% of compromises. How the tools are used, and more importantly, ICG's proprietary algorithms and alerts applied together with the software and SOC monitoring, are what truly differentiate us from everyone else. ICG beats the 19-hour industry standard by miles and miles: ICG's average time-to-detect is 1 minute, average time-to-investigate is 4 minutes, and average time-to-remediate is 19 minutes. Time is money, time is productivity, and the perpetrator's goal is to disrupt or close your business. This is the only solution that prevents, protects, remediates, and provides actionable insights to correct and prevent future incidents.