October 29, 2021
A blueprint for combatting ransomware in the manufacturing industry
Manufacturing network vulnerabilities
As Industry 4.0 continues to accelerate, automation and digitisation are a double-edged sword for the manufacturing industry. While technology dramatically enhances productivity and efficiency, the industry is now one of the most vulnerable and profitable sectors for cybercriminals. With a high probability of accessing invaluable data, and third-party extortion, cybercriminals wait undetected in networks, preying on vulnerabilities and weaknesses—with profitable results.
According to Make UK, 48 percent of manufacturers have at some point been subject to a cybersecurity incident, including ransomware attacks. In fact, in 2020, the number of reported incidents on manufacturing entities more than tripled, and ransoms are skyrocketing. A study by Kivu Consulting found that the industry spent more than any other sector on ransomware payments last year, ringing in at USD 6.9 million. The automotive industry is especially vulnerable to attack as cybercriminals target personal and financial data from employees and customers, including Personal Identifiable Information (PII) and banking details. Furthermore, a 2021 report from Black Kite highlights that “About half of the top 100 companies in the auto industry are highly susceptible to a ransomware attack.”
Manufacturing network vulnerabilities
A smart auto manufacturing plant, and the network of hundreds of suppliers that support it, usually comprises interconnected IT systems, giving cybercriminals easy access to designs, intellectual property, and procurement data, including vehicle design and manufacturing specifications. Network vulnerability stems from three main areas:
Internet of Things (IoT):
Today, 80 percent of manufacturers have integrated IoT into operations to optimize production, reduce costs, and streamline processes. Automakers manage hundreds of thousands of endpoints, and while modernizing technology to be more interconnected with the internet, factory operational technology environments are at risk. Beyond the factory floor, ransomware gangs can halt connected cars by putting malware into the operating system.
The Supply Chain:
According to research, 63 percent of security breaches are caused by third-party providers, including vendors and suppliers. The supply chain is a lucrative target because these third-party suppliers require access to critical data and often accept weaker security processes – easily exploited by cybercriminals. Cyber espionage is also a growing threat between manufacturers themselves and countries looking for information related to design, innovation, patents, research, and development in a highly competitive industry.
Thirty-five percent of attacks on manufacturers are due to human error or intentional acts from people with network access. Today manufacturing employees, including machine operators, office personnel, and delivery drivers, have access to critical systems and company data, which they can access using their own device. This issue was exacerbated during the pandemic as some employees were forced to work remotely.
As the industry more urgently turns its focus toward cybercrime, the ideal cybersecurity solution offers a single view into the entire network and all connected devices, eliminating the need for multiple tools to monitor and detect a growing array of attacks. By adopting Network Detection & Response (NDR) solutions, factories can gain visibility into all areas that make up a connected environment, both on-premise and in the cloud.
A unified command center to fight ransomware
This is where ForeNova’s Attack Surface Blueprint, delivered by NovaCommand, comes in. The blueprint helps manufacturers avoid becoming the next victim by seeing what cybercriminals see. It provides a complete view of an organisation's IT landscape, including the most common exposures - and easy targets for cybercriminals. Built by ForeNova’s team of ransomware experts, using data gathered from thousands of enterprises, ransomware attacks, and undetected threats, an Attack Surface Blueprint gives security professionals the intel required to move quickly and confidently in responding to threats.
NovaCommand, a unified command center, can detect various hidden threats – whether new or existing. By leveraging behavioral detection, backed by thousands of network signals and more than 800 artificial intelligence (AI) models, we validate, triage, and establish root causes in minutes or hours instead of days.
Understanding that manufacturers need to minimize unnecessary lags in production, NovaCommand eliminates false positives and activates only those representing a cyberattack. In response to actual threats, it automatically blocks network traffic, prioritizes the threat, quarantines suspicious files, and triggers the correct response actions while eliminating suspicious domains. It then provides incident responders with the tools they need to make risk-based decisions and mitigate attacks in near real-time.
To avoid becoming the next victim, auto manufacturers, and manufacturers at large, must adopt a posture of detection and response to help mitigate risks within their network environments. With full visibility into the ‘attack surface’, they can start to fight back–and beat ransomware gangs at their own game.
Ready for your custom blueprint?