Four Steps to Enhancing Your Manufacturing Security
In 2018, a cyberattack targeted TSMC, one of the world’s largest semiconductor manufacturers. The attack involved a variant of the WannaCry ransomware that exploited a vulnerability in TSMC’s computer network to encrypt data on the company’s systems and demand a large sum in exchange for the decryption key. The attack led to TSMC temporarily halting chip production, which resulted in delays and disruptions to the global supply chain of electronic devices, such as smartphones and computers. The estimated financial impact of the attack was approximately $170 million. According to IBM Security’s 2023 X-Force Threat Intelligence Index, the manufacturing industry has become the most targeted sector globally—surpassing finance and insurance.
One of the reasons the manufacturing industry is so attractive to hackers is the significant role it plays in the global supply chain. Bad actors are exploiting the industry’s low tolerance for downtime and using it to cause chaos. Shockingly, almost half of all attacks exploit pre-existing weaknesses, underlining the need for better vulnerability management. What’s worse, according to IBM’s security index, 41% of the attacks are carried out using phishing methods.
Manufacturers today face a highly complex and rapidly evolving security landscape. Several converging factors over the last few years have made security more challenging than ever before:
The trend towards automation and digitisation in the industry has increased tremendously with the arrival of Industry 4.0, resulting in more digital assets from more vendors, increased system connectivity, and the advent of IP-based industrial network traffic. While this has led to faster production and lower costs, it has also created more opportunities for cyber threats to exploit manufacturers’ systems.
Third-party attack vectors (through an unprotected partner or facility) are a common way of infiltrating a manufacturer’s infrastructure. Facilities must be able to connect and share data with vendors and partners, and this is a pressing issue because key systems require remote access (a requirement exacerbated by Covid-19). Hence, vendors, partners and facilities must be able to securely provide remote access to vital systems while also protecting data privacy.
Compounding the issue, regular security updates are often neglected due to the financial cost of downtime, while the rising level of sophistication and automation employed by cyber-criminals makes them more challenging to detect and combat. As such, it’s crucial for manufacturing companies to strengthen their cybersecurity protection and implement practical measures to mitigate risks posed by attacks and human error, which may cause downtime, lost business, or reputational damage.
So, how can manufacturing companies enhance their cybersecurity posture? What practical measures can they implement?
1. Establish visibility
To ensure network security, manufacturers should consider mapping their entire network and creating a visual model of all assets, devices, connections, and protocols. Given the complexity of modern manufacturing systems, gaining a clear understanding of the infrastructure’s components and topology is crucial. Mapping the network makes it possible to identify weak points or concealed entryways, and network modelling can be utilised to detect anomalous or suspicious activities while safeguarding critical operations.
2. Evaluate the level of risk
Once the network is mapped, the next step for manufacturers is to conduct a risk assessment to evaluate their security posture, identify critical gaps, and assess the potential business impact of an attack. This involves identifying potential threats and assessing the level of risk exposure of the network based on its specific features.
A comprehensive risk assessment can help manufacturers gauge the effectiveness of their current mitigation measures and guide decision-making on budgeting and risk reduction planning. It can also highlight areas that require more significant security investment.
3. Proactive planning
Equipped with a clear picture of their network’s exposure to risk and the threat landscape it faces, manufacturers can create and execute a practical security plan—the playbooks that specify the procedures for handling cyberattacks. This plan could entail limiting remote access to specific systems or upgrading security controls for older equipment.
The playbooks should be based on various factors, such as financial limitations, threat and control levels, and the company’s security preferences. For instance, in the short term, strengthening one particular business unit may be a priority, whereas reducing overall business risk may be a long-term objective.
4. Monitor closely
Continuous real-time network monitoring should be the final step in the process. Since the threat landscape constantly evolves, monitoring network activity regularly is crucial to keeping up with attackers. This approach allows manufacturers to manage OT security in the long term by identifying any abnormal activities that may indicate a breach attempt. While it’s challenging to prevent all breaches, ongoing monitoring helps security teams detect attackers early and minimise any potential business impact, such as downtime.
Time to take action
In today’s threat landscape, it’s inevitable for manufacturers to experience a breach at some point. However, by implementing the appropriate security framework and following these steps, they can put themselves in the best position possible to preserve their operations and avoid costly downtime, even in the event of an attack.