The Cure for the Manufacturing Security Threat: Zero TrustCain Chen
Manufacturers’ tech stacks and industrial control systems (ICS) were designed to deliver speed and transaction efficiency first, with security as a secondary goal. Nearly one in four attacks targeted manufacturers in the last year. Ransomware is the most popular attack strategy, and 61% of breaches targeted operational technology (OT)–connected organizations.
IBM Security’s X-Force Threat Intelligence Index 2022 states that, “Vulnerability exploitation was the top initial attack vector in manufacturing, an industry grappling with the effects of supply chain pressures and delays.”
Cyberattacks are a digital epidemic sweeping manufacturing, costing businesses millions in revenue and hours of lost production time. Manufacturing accounted for 68% of all industrial ransomware incidents in the third quarter of this year. On top of that, Dragos discovered that manufacturers suffered seven times more industrial ransomware incidents than the food and beverage industry. Forty-four percent of manufacturers had to temporarily shut their production lines down due to a cyberattack earlier this year.
Why Manufacturing Is the Top Target
Threat actors see supply chain attacks as ransom multipliers that can generate millions of dollars in just days. That’s because disrupting manufacturing supply chains strikes at the heart of a manufacturer’s ability to meet customer orders and grow revenue. Many manufacturers quietly pay the ransom because they have no other choice.
Another reason manufacturers are a top target is that their tech stacks are often built on legacy ICS, OT and IT systems that were streamlined for production speed, shop floor efficiency and process control — with security often a secondary priority.
Limited visibility across OT, IT, supply chain and partner networks is another primary reason manufacturers are getting breached so often. Trend Micro found that 86% of manufacturers have limited visibility into their ICS environments, making them an easy target for a wide variety of cyberattacks. A typical ICS is designed for process optimization, visibility and control. As a result, many have limited security in place.
Most ICS systems rely on air gaps as the first line of defense. Ransomware attackers are using USB drives to deliver malware, jumping the air gaps that industrial distributors, manufacturers and utilities rely on for that first line. Additionally, 79% of USB attacks can potentially disrupt the operational technologies (OT) that power industrial processing plants, according to Honeywell’s Industrial Cybersecurity USB Threat Report, 2021.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert earlier this year warning of attacks targeting ICS and SCADA devices.
The average damage from a manufacturing breach is $2.8 million. 89% of manufacturers who have suffered a ransomware attack or breach have had their supply chains disrupted. Knowing how vital supply chains are to manufacturers, cyberattackers target them to force bigger ransomware payouts, often using supply chain attacks as a ransom multiplier. Source: Trend Micro
Many manufacturers targeted by ransomware attacks have either had to temporarily cease operations to restore data from backup, or chosen to pay the ransom. Manufacturing leads all industries in cyberattacks as bad actors look to take advantage of unprotected Industrial Control Systems (ICS), supply chains and unprotected gaps between Operational Technologies, IT and evolving cybersecurity tech stacks. Source:
Pursuing Zero Trust: A Must for Manufacturers
The manufacturing industry must overcome the misconception that Zero Trust Network Access (ZTNA) frameworks are expensive, time-consuming and technologically challenging to implement. However, as they create a business case for zero trust complete with multicloud configurations factored in.
When choosing a solution, IT must be aware that cybersecurity vendors sometimes misrepresent their zero-trust capabilities, often confusing potential clients about what’s needed and what the vendor’s offering can do. The NIST provides a series of cybersecurity resources for manufacturers.
Start with multifactor authentication (MFA) across every endpoint
Improving endpoint security is crucial for manufacturers, as every transaction they rely on to receive and fulfill orders passes through endpoints. Forrester’s report The Future of Endpoint Management defines the six characteristics of modern endpoint management challenges.
Andrew Hewitt, the report’s author, told VentureBeat that when clients ask what’s the best first step they can take to secure endpoints, he tells them that “the best place to start is always around enforcing multifactor authentication. This can go a long way toward ensuring that enterprise data is safe. From there, it’s enrolling devices and maintaining a solid compliance standard with the UEM tool.”
ZTNA frameworks need to start with endpoints
Unfortunately, most mid-tier manufacturers’ IT staffs are already short-handed, making defining and implementing a ZTNA framework a challenge. A business case to pursue ZTNA-based endpoint security must be based on measurable, quantifiable outcomes. Cloud-based endpoint protection platforms (EPPs) provide an efficient on-ramp for enterprises looking to get started quickly. EPPs also increasingly support self-healing endpoints.
Self-healing endpoints shut themselves off; re-check all OS and application versioning, including patch updates; and reset themselves to an optimized, secure configuration. All these activities happen without human intervention.
A manufacturer’s security perimeter is identities and data
Every identity is a new security perimeter in the supply chain, across sourcing networks, service centers and distribution channels. Manufacturers need to adopt a ZTNA mindset that sees every human and machine identity outside their firewalls as a potential threat surface. That’s why, for manufacturers just starting with a ZTNA framework, finding a solution with Identity and Access Management (IAM) integrated as a core part of the platform is a good idea, and it’s essential to get IAM right early.
Remote browser isolation (RBI) solves manufacturers’ challenges in securing internet access
RBI is a perfect solution for manufacturers pursuing a ZTNA-based approach to protecting every browser session from intrusions and breach attempts. RBI doesn’t force an overhaul of tech stacks, it protects them, taking a zero-trust security approach to browsing by assuming no web content is safe.
Leaders in RBI include Broadcom, Forcepoint, Ericom, Iboss, Lookout, NetSkope, Palo Alto Networks and Zscaler. Ericom is noteworthy for its approach to zero-trust RBI by preserving the native browser’s performance and user experience while hardening security and extending web and cloud application support.
The Future of Zero Trust in Manufacturing
Cyberattackers have learned to target manufacturing businesses for maximum impact, asking for millions of dollars in ransom payments to return data and operable systems. Locking up a supply chain with ransomware is the payout multiplier attackers want because manufacturers often pay up to keep their businesses operating.
That’s why the manufacturing industry needs to consider how to move quickly on zero trust. With every identity and a new security perimeter, manufacturers must make ZTNA a priority going into 2023.
Content created and provided by ONEAFFINITI.