
How Can Manufacturers Stop Damaging Cyber Attacks?

Nov. 10, 2020
Privileged access security might be the route to addressing manufacturing's current cyber attack trend.

Numerous events over the past few months have shown that manufacturers are increasingly susceptible to malicious threat actors.

“Driven by competitive pressures, manufacturers of all sizes have accelerated adoption of cloud, DevOps and other digital transformation initiatives to improve operations and gain competitive advantage,” says Bryan Murphy, director of consulting services at CyberArk. “A big part of these initiatives is the effort to update the operational technology (OT) environments that are used to run industrial enterprises. Historically, these systems were isolated from other systems, but as OT environments have increasingly become connected to IT systems and the Internet, the risk of intrusion by malicious actors has multiplied.”

Murphy adds that the pandemic has also caused a rapid shift for industrial enterprises to set up infrastructure to support remote workers, which in many cases has led to more security gaps for attackers to exploit. According to a recent CyberArk survey, common work-from-home habits like password re-use and using corporate devices for personal activities put critical business systems and sensitive data at risk.

“These technology trends are amplified by the large-scale disruption of global supply chains caused by the pandemic. The combination of increased security vulnerabilities with the need to mitigate further business disruption has made the manufacturing sector a prime target for cyberattacks by both criminal organizations and nation-states,” he says. “These trends play a big part in why we’re seeing more manufacturers face devastating attacks like ransomware, which can grind operations to a halt.”

Role of privileged access security

Maintaining business continuity and resiliency in the face of a dynamic threat landscape begins with understanding the mindset of an attacker. The motivation of an attacker doesn’t matter – whether it’s financial gain or stealing IP, the attack cycle remains relatively constant.

Attackers are leveraging phishing tactics as well as exploiting known vulnerabilities to gain access, explains Murphy. “From there, they’ll typically seek to exploit privileged accounts – those accounts with broad and powerful administrative access – for the purposes of reconnaissance or to maintain persistency on the network to launch further attacks,” he says. “Without privileged access, however, the vast majority of attacks don’t proceed beyond the initial stage. Stopping attackers from becoming a privileged insider is critical to addressing today’s threat landscape.”

Of course, manufacturers are not alone in dealing with this challenge. The push for digital transformation has contributed to privileged account sprawl across cloud and hybrid environments, opening up even more potential access points. “Critical business processes, applications and cloud instances, for example, all have associated privileged accounts that need to be maintained and protected,” says Murphy. “Securing privileged access disrupts the attack cycle – restricting the spread of an attack.” 

A good example of this is found in ransomware attacks, which continue to plague the manufacturing industry.  These attacks typically start on an endpoint, with the goal of moving laterally into networks to encrypt files, applications and systems so the attacker can hold the organization hostage until the ransom is paid.  Privileged access management can limit the spread of ransomware and keep it contained to the initial infection point.

The compromise of privileged accounts lies at the core of the cyberattack cycle – which is why securing privileged accounts and credentials can minimize attacks. According to the recently released Gartner Magic Quadrant for Privileged Access Management, “By 2024, 50% of organizations will have implemented a just in time (JIT) privileged access model, which eliminates standing privileges, experiencing 80% fewer privileged breaches than those that don’t.” 

Keys to success

According to Murphy, the most important step is gaining executive sponsorship around securing privileged access. Executives concerned with increasing security to avoid business disruption should know what their privileged-related risk is and how they’re managing it.

“From there, visibility into where exactly privileged accounts and credentials exist is critical. Privileged accounts are created and privileged access is granted with every new cloud environment, every business application, and connection with a supply chain partner,” he says. “The speed at which manufacturers are transforming infrastructure, OT and IT environments exacerbates the issue.”

Hidden privileges exist everywhere across infrastructure – attackers count on this to carry out their attacks, explains Murphy. “We’ve discovered numerous former employees that never had privileged access removed, contractors and external employees with privileged access to systems, and even supply chain partners and vendors connected to networks via privileged access rights. These accounts were dormant – but active – within the infrastructure and susceptible to attack,” he says.

The privileged-related attack surface is much broader than most organizations realize. Understanding and prioritizing the risk created by privileged accounts is the best way to get started. This requires identifying the types of privileged accounts and credentials that exist across their environments, both OT and IT.

“Organizations can have hundreds of thousands of privileged credentials across these environments, with more created daily. Classifying the types of privileged access by the risk they create is essential,” says Murphy. “This should include identifying the organization’s most critical systems – systems that contain data that needs to be secured due to regulatory requirements, systems with intellectual property, and systems with known vulnerabilities. By identifying all critical systems, and securing privileged access to them, manufacturers can protect the riskiest accounts and credentials first to avoid an attack from damaging operations.”

About the Author

Peter Fretty | Technology Editor

As a highly experienced journalist, Peter Fretty regularly covers advances in manufacturing, information technology, and software. He has written thousands of feature articles, cover stories, and white papers for an assortment of trade journals, business publications, and consumer magazines.
