Gone are the days when cyberattacks were a passing deep concern for technology manufacturing companies. As smart machines swap legacy equipment, the volume of cyberattacks is fast growing, maximizing the risk of production slowdowns, product defects, and lower productivity.
 
Hackers know that many manufacturers, particularly those that have 24/7 production lines or operate in a just-in-time manufacturing environment, are not able to put up with a lengthy disruption without adverse business effects. This vulnerability has resulted in a sharp increase in ransomware attacks that use malicious software to hold a system hostage until a ransom is paid. Essentially, it is a style of felony.
 
The Chubb Cyber Index reveals that ransomware assaults against manufacturers exceed similar attacks against all other industry segments, including healthcare—a traditional target. Hackers believe that a hospital is more inclined to pay a ransom in order to restore operations for patient safety, and they expect manufacturers doing the same to keep the factory humming.
 
Similarly, Verizon’s 2018 Data Breach Industry Report, which cites cyber espionage as an increasing pressure, reflected that data breaches affecting manufacturers had also developed. On top of extorting a ransom, hackers are also increasingly interested in searching for a company’s research and development data, proprietary product blueprints, and intellectual property to sell on the Dark Web.
 
Upsides and Downsides
 
The advanced threat of a cyberattack puts technology manufacturers in a new and difficult position: a previously low-risk industry now has a high-risk profile. This is generally the result of the industry’s embrace of the Industrial Internet of Things (IIoT)—the internet-enabled connections between operational technology (OT) and information technology (IT).
 
Leveraging smart machines, technology manufacturers can make high quality products, boost productivity and obtain real-time insights into the supply chain to shift production where needed. These and other benefits are attainable thanks to sensor-produced machine data that travels from OT systems to IT systems where exactly the data is screened for business purposes. While these sensors can deliver great benefits to the manufacturer, they even offer a new avenue for hackers to exploit, providing a new opportunity for the data to be stolen or compromised.
 
Regardless of the very serious risks posed, the rewards of the IIoT have made it an integral part of efficient methods of production and its use will stay to increase. For that reason, technology manufacturers must strengthen the connections between their OT systems and IT systems to decrease unauthorized network intrusions. But how?
 
The 1st step in this process is to conduct a tech audit of the IT and OT systems to determine which assets are connected with the network. For one, it's not uncommon to find an old printer connected to the network. Over the past, having a random printer on the network wasn’t much of cyber risk, but now that the IT and OT systems also are on that same network, a hacker can potentially enter the printer’s antiquated operating system to gain entry onto the network and into the OT systems.
 
An audit will ferret out proof of unauthorized wireless local area networks within the plant’s perimeter and closeness. It’s advisable for audits to adhere to the cybersecurity standards, guidelines and best practices of a certified framework, like the one provided by the National Institutes of Standards and Technology (NIST).
 
Segment the Network
 
Start thinking about an office building with a locked front door but many rooms with unlocked doors inside it. Just after a burglar gets through the first door, he has access to the rest of the building. Network segmentation locks all the doors, and only those with keys can enter to various sections of the network. When defenses against unauthorized network access are applied, more sensitive data can be segmented behind other “doors” that are locked with higher levels of security.
 
Hiring a third-party penetration testing firm is one more smart tactic. They employ technicians who will try to defeat security methodologies and hack into the network. The lessons learned from these exercises can be used to further bolster security measures.
 
Keep in mind, vendors add value to a business, but they also put it at increased risk. Leverage software and other due diligence methods to clear and pre-qualify third- and fourth-party vendors just before they even enter the business ecosystem.
 
Last but not least, it’s incumbent upon all companies to learn and teach their employees to detect and report evidence of a phishing attack or other types of harmful programming, given the role that social engineering plays in hackers’ strategies. Some manufacturers also perform mock phishing attacks to find particular vulnerabilities and perk up their training programs—a smart tactic, given that the Chubb Cyber Index notes that more than 30 percent of cyber claims in 2018 involved phishing attacks.
 
This article is originally posted on tronserve.com