Recently, the cybersecurity spotlight has been on manufacturing, and not for good reason. Manufacturing is the second most-targeted industry by cyber-attackers, and the most notorious hacks of 2021 happened in the manufacturing and critical infrastructure sector. The Colonial Pipeline and JBS hacks caught the attention of the entire country – not just because the companies were victims of cybercrime, but because the consequences of the cybercrime fell outside of the digital landscape: America experienced gas and fuel shortages as well as meat production delays and inflation due to the respective cyber-attacks.
Manufacturing organizations are often at high risk for a pretty simple reason: they have a lot to offer hackers. Between the real-world implications outlined above and the damage done from operational downtime, manufacturers can’t afford to spare time to respond to a data breach, meaning there’s even more incentive to pay ransoms and acquiesce to hackers immediately. As a result, ransomware payouts in the manufacturing industry average higher than in any other industry. Yet, there’s another culprit that makes manufacturers even more appealing to hackers: remote access.
Remote Access in Manufacturing
Manufacturers use thousands of third parties to run daily operations. Even something as simple as operating a forklift may require a third-party vendor. This amount of third-party access creates tons of gaps in security that malicious hackers are all too happy to exploit.
Going back just five to ten years, manufacturing organizations relied on physical security to protect industrial control systems, critical data, operational technology and applications. Oftentimes, protecting these systems meant locks on doors, keycards, security cameras and security guards. Today, almost everywhere, that traditional physical security now has to be supplemented by a cybersecurity implementation that’s just as robust. Keeping out malicious parties, like hackers, is both a physical and digital challenge.
Remote access, by nature, is external access that’s necessary for the support of the manufacturer. Each instance of remote access is the digital equivalent of handing out a keycard that lets someone into one of these critical environments. Since manufacturers use hundreds and potentially thousands of third parties, that means hundreds and potentially thousands of keys are being handed out. Unless proper controls are in place, each of these instances creates a new opportunity for a hacker to find their way into the environment. As the need for remote access rises and the number of users increases, hackers also have a higher chance of finding the loose ends (such as shared credentials, simple passwords, a lack of MFA or overly broad access) and getting where they want to be due to privileged access that third parties often require.
How to Patch Remote Access Vulnerabilities
Remote access is unavoidable for manufacturers. In the age of smart factories and the fourth industrial revolution, decentralized workforces and remote access are now commonplace. Third parties are needed for manufacturers and critical infrastructure organizations to stay afloat. But that doesn’t mean you can’t patch the holes and vulnerabilities of remote access to minimize the number of threats.
- Expect the worst. You need to realize that you are inherently at risk. First, you’re in manufacturing – the second most targeted industry by hackers, as previously stated. Second, you use third parties, who are responsible for over half of data breaches. Third, the rate of hacking methods like ransomware is only increasing. Finally, the old ‘it’s never going to happen to me’ mentality is hurting organizations because they’re neglecting to accept the reality of the threat landscape and build security structures that will protect them. Don’t have this mindset – have a mind shift and realize you’re under attack.
- Put granular controls in place. The tighter your security controls are, the more protected you’ll be. It’s no longer just having complex passwords and making sure two-factor authentication is in place. Hackers are smarter than that. You need a myriad of security controls that stop hackers in their tracks at each step of their path into your network and systems.
- Track all access. The only way to make sure nothing bad is happening in your operational technology (OT) and industrial control system (ICS) is to make sure you track and monitor all user access, especially remote access. Being able to trace any suspicious or anomalous user activity is paramount in holding your third parties accountable for their actions while in your systems. If there is an incident – whether a user or a technological glitch causes it – you can rewind the tape, see for yourself where the issue lies and adjust your security methods accordingly.
The best way to accomplish this is by finding alternative solutions to manage your third parties. There are various ways to better secure your access points, like access controls and authentication techniques. Research methods of securing third-party remote access for manufacturing and smart factories, and find what’s best for your organization. Any investment in securing third-party access points is an investment in the greater good of your organization.