The manufacturing sector is undergoing a digital revolution under the banner of Industry 4.0. This new age of smart technology and digitization within the manufacturing industry is transforming standard operating procedures into streamlined, automated, and internet-enabled workflows.
However, what is good for the sake of innovation is not always the most secure.
Operational technology (OT), industrial control systems (ICS) and programmable logic controller (PLC) systems were not originally built to be connected to the internet. These were on-premises systems that have become global networks, and that shift is causing some serious security problems.
Lack of Visibility and Monitoring is Hurting Manufacturing Cybersecurity
Manufacturing organizations do not have sufficient insight or visibility into critical systems, workflows, and access points. Over half stated that their biggest barriers to achieving a strong security posture are:
- A lack of visibility into people (a.k.a. digital identities with access privileges) and business processes
- Lack of oversight or governance
- Insufficient assessment of cybersecurity risk
Manufacturing companies have anywhere from several to thousands of employees, vendors, remote access points, systems, assets, and OT components, all of which are attack vectors. Hackers could exploit any of these to gain access, which is why they all need to be controlled. But if IT and security teams don’t have visibility into the digital identities, workflows, and processes that are part of their environment, it’s impossible to gauge risk and accurately build security architecture around those risks.
Shockingly, 68% don’t have visibility into the level of access and permissions granted to internal and external parties. Knowing the level of access of each digital identity isn’t just a best practice, it could be the difference between granting a hacker full network access or stopping them in their tracks.
In addition, 42% do not monitor third-party access or their session activity. And most don’t document the type of network access their third parties are granted. For many organizations, vendor access is treated like employee access, which is too open and too privileged, considering third parties only need access to certain applications to do their job.
Manufacturers Are Not Controlling Network Access
When it comes to the nitty-gritty of cybersecurity, it comes down to how you can best control your users, their access rights and the endpoint. Manufacturing organizations that house some of the most complex operational systems are not controlling the identities and access points that lead to their critical endpoints.
A mere 28% of manufacturing organizations are deploying enhanced identity and access management techniques, while only 25% implement the principle of least privilege access so users only have access that’s needed for their responsibilities and nothing more.
More and more hackers are targeting third-party remote access and unprotected or shared credentials. 41% aren’t removing network access credentials when users no longer need them, which means 59% of manufacturers could still have open access points that are left unmonitored and unprotected.
Lastly, when it comes to network access, fewer than half can restrict the network access of their users and practice network isolation.
Protect OT And IIoT With Security Controls and Monitoring
As a result of all these issues, 52% don’t consider their organization highly effective in controlling third-party network access, mitigating remote access risk, or achieving compliance.
Proper cybersecurity implementation in a manufacturing environment consists of controlling access and controlling user identities—then, separately, monitoring within the environment for cyber health.
- Controlling access: Proactive security measures can control access from internal users and third parties. Zero trust-based methods like restricting user access down to the protocol level can limit lateral movement in case a bad actor breaches a network. And credential management capabilities lock down passwords in case vendors share logins or a leaked password gets compromised (like with Colonial Pipeline).
- Controlling identities: Digital identities are the disguises bad actors need to exploit credentials and access points. Authentication techniques like multi-factor authentication and employment verification are effective methods in vetting your users and ensuring the identity accessing your PLC is the same person you hired to repair the PLC.
- Monitoring: It’s not just the endpoint that needs monitoring. The access itself, whether through privileged access methods or remote access, needs to be monitored for any anomalous behavior that could impact OT and the industrial internet of things (IIoT).