How Can Manufacturers Stop Damaging Cyber Attacks?

Nov. 10, 2020
Privileged access security might be the route to addressing manufacturing's current cyber attack trend.

Numerous events over the past few months have shown that manufacturers are increasingly susceptible to malicious threat actors.

“Driven by competitive pressures, manufacturers of all sizes have accelerated adoption of cloud, DevOps and other digital transformation initiatives to improve operations and gain competitive advantage,” says Bryan Murphy, director of consulting services at CyberArk. “A big part of these initiatives is the effort to update the operational technology (OT) environments that are used to run industrial enterprises. Historically, these systems were isolated from other systems, but as OT environments have increasingly become connected to IT systems and the Internet, the risk of intrusion by malicious actors has multiplied.”

Murphy adds that the pandemic has also caused a rapid shift for industrial enterprises to set up infrastructure to support remote workers, which in many cases has led to more security gaps for attackers to exploit. According to a recent CyberArk survey, common work-from-home habits like password re-use and using corporate devices for personal activities put critical business systems and sensitive data at risk.

“These technology trends are amplified by the large-scale disruption of global supply chains caused by the pandemic. The combination of increased security vulnerabilities with the need to mitigate further business disruption has made the manufacturing sector a prime target for cyberattacks by both criminal organizations and nation-states,” he says. “These trends play a big part in why we’re seeing more manufacturers face devastating attacks like ransomware, which can grind operations to a halt.”

Role of privileged access security

Maintaining business continuity and resiliency in the face of a dynamic threat landscape begins with understanding the mindset of an attacker. The motivation of an attacker doesn’t matter – whether it’s financial gain or stealing IP, the attack cycle remains relatively constant.

Attackers are leveraging phishing tactics as well as exploiting known vulnerabilities to gain access, explains Murphy. “From there, they’ll typically seek to exploit privileged accounts – those accounts with broad and powerful administrative access -- for the purposes of reconnaissance or to maintain persistency on the network to launch further attacks,” he says. “Without privileged access, however, the vast majority of attacks don’t proceed beyond the initial stage. Stopping attackers from becoming a privileged insider is critical to addressing today’s threat landscape.”

Of course, manufacturers are not alone in dealing with this challenge. The push for digital transformation has contributed to privileged account sprawl across cloud and hybrid environments, opening up even more potential access points. “Critical business processes, applications and cloud instances, for example, all have associated privileged accounts that need to be maintained and protected,” says Murphy. “Securing privileged access disrupts the attack cycle – restricting the spread of an attack.” 

A good example of this is found in ransomware attacks, which continue to plague the manufacturing industry.  These attacks typically start on an endpoint, with the goal of moving laterally into networks to encrypt files, applications and systems so the attacker can hold the organization hostage until the ransom is paid.  Privileged access management can limit the spread of ransomware and keep it contained to the initial infection point.

The compromise of privileged accounts lies at the core of the cyberattack cycle – which is why securing privileged accounts and credentials can minimize attacks. According to the recently released Gartner Magic Quadrant for Privileged Access Management, “By 2024, 50% of organizations will have implemented a just in time (JIT) privileged access model, which eliminates standing privileges, experiencing 80% fewer privileged breaches than those that don’t.” 

Keys to success

According to Murphy, the most important step is gaining executive sponsorship around securing privileged access. Executives concerned with increasing security to avoid business disruption should know what their privileged-related risk is and how they’re managing it.

“From there, visibility into where exactly privileged accounts and credentials exist is critical. Privileged accounts are created and privileged access is granted with every new cloud environment, every business application, and connection with a supply chain partner,” he says. “The speed at which manufacturers are transforming infrastructure, OT and IT environments exacerbates the issue.”

Hidden privileges exist everywhere across infrastructure – attackers count on this to carry out their attacks, explains Murphy. “We’ve discovered numerous former employees that never had privileged access removed, contractors and external employees with privileged access to systems, and even supply chain partners and vendors connected to networks via privileged access rights. These accounts were dormant – but active – within the infrastructure and susceptible to attack,” he says.

The privileged-related attack surface is much broader than most organizations realize. Understanding and prioritizing the risk created by privileged accounts is the best way to get started. This requires identifying the types of privileged accounts and credentials that exist across their environments, both OT and IT.

“Organizations can have hundreds of thousands of privileged credentials across these environments, with more created daily. Classifying the types of privileged access by the risk they create is essential,” says Murphy. “This should include identifying the organization’s most critical systems – systems that contain data and need to be secured due to regulatory requirements, systems with intellectual property, and systems with known vulnerabilities. By identifying all critical systems, and securing privileged access to them, manufacturers can protect the riskiest accounts and credentials first to avoid an attack from damaging operations.”
