Manufacturing at increased risk of cyber attacks
09 October 2018
It seems that cyber crime is never far from the headlines, once again hitting the front-pages recently when Dutch military intelligence thwarted a Russian cyber-attack on the headquarters of the international chemical weapons watchdog. While such incidents rightly gain much press coverage, it is important to remember that cyber security is important across the board and not just in matters of international security.
In its 2018 Spotlight Report on Manufacturing, leader in AI-powered cyberattack detection and threat hunting, Vectra, highlights that that the manufacturing industry exhibits higher-than-normal rates of cyberattack-related reconnaissance and lateral movement activity. This is due, asserts the company, to the rapid convergence of enterprise information technology and operational technology networks in manufacturing organisations. In other words, the adoption of IIoT and Industry 4.0 related technologies.
As part of key findings in the new 2018 Spotlight Report on Manufacturing, Vectra revealed that attackers who evade perimeter security can easily spy, spread and steal, unhindered by insufficient internal access controls.
In addition to the physical disruption that a cyber attack on a manufacturing or process facility undoubtedly has the potential to inflict, intellectual property theft and business disruption are additional primary reasons why manufacturers have become prime targets for cybercriminals.
Other key findings include a much higher volume of malicious internal behaviours, which is a strong indicator that attackers are already inside the network; an unusually high volume of reconnaissance behaviours, which is a strong indicator that attackers are mapping out manufacturing networks in search of critical assets; and an abnormally high level of lateral movement, which is a strong indicator that the attack is proliferating inside the network.
“The interconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of industrial internet-of-things (IIoT) devices, has created a massive, attack surface for cybercriminals to exploit,” said Chris Morales, head of security analytics at Vectra.
So, even if you haven’t experienced a cyber attack yet, the chances are that it won’t be long before you do. In the light of this, there is really is no excuse for not having a cyber security strategy in place, no matter what the size of your business. For those in the manufacturing sector wanting to know more, there is plenty of advice available; a good place to start for a brief overview is is the National Cyber Security Centre's 'Making Sense of cyber secuirty in OT environments', which can be found at ncsc.gov.uk/guidance/operational-technologies