[BreachExchange] Manufacturing Industry: A Key Target For Cyber Attackers
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Sep 28 15:46:43 EDT 2018
https://www.cybersecurityintelligence.com/blog/manufacturing-industry-a-key-target-for-cyber-attackers-3738.html
Identifying vulnerabilities in the network is just the beginning of the
cyber battle. While cybercriminals are trying to infiltrate networks
through loopholes, cybersecurity professionals are finding new ways to
counter their attacks. As the manufacturing industry is becoming better
connected, the frequency and sophistication of cyber-attacks is rising.
Despite knowing the impact of the cyber attacks, companies in the
manufacturing sector have underestimated the scope and depth of the threat.
However, cyber attackers today are more focused on intellectual property
that can bring about long term benefits which puts the manufacturing
companies in their radar.
Rather than fall prey to another scam, manufacturers need to better
understand the possibilities of the threats they could face. They could
begin with the approach of protecting their finances from being
compromised. Most of the banking transactions for majority of businesses
are done online and all that hacker needs to do is to be able to get into
the manufacturers’ online banking platform.
Vulnerabilities in the security framework are exploited by hackers through
gaining access into various systems of sensitive data. Fraudsters wanting
to access financial systems to draw money out via phishing mails or other
means of social engineering are the cause of big data breaches. These
companies can avoid having their sensitive information getting leaked by
investing significantly in cybersecurity although the level of investment
depends on the individual business.
There are two very different approaches to investing. Businesses can invest
internally in their hardware, software, their IT team, human resources and
have that management on site or can work with consultants, industry experts
and outsource that work.
Many times, manufacturers receive a lot of confidential information that
can include drawings, contracts, patents or other sensitive information
from their customers, which they need to protect. This is why, robust
cybersecurity protocols are adopted for the reasons of security compliance.
Although businesses have started investing in security to combat cyber
criminals, it needs to be seen if these investments are really effective.
As per an old adage, it’s always better to work smart than hard. The
traditional mindset is that organizations should work hard to build in the
perimeter defense, though it is not enough on its own to protect cyber
assets.
The cyber risks faced by advanced manufacturing companies go beyond
compromised bank accounts. According to industry experts, connected devices
on the shop floor are the most vulnerable and may be exploited in ways not
immediately noticeable.
The rapid rise of technology has set the pace for innovation which makes
protecting trade secrets less important these days, according to some
manufacturing executives. Protecting intellectual property is no longer a
cause for concern and the focus is solely on continuing to innovate. The
current mindset is that if a company continues innovating, it wouldn’t
matter if the intellectual property is left unprotected as it would become
obsolete once the company introduces its newest iteration.
Nevertheless, invaluable intellectual property needs to be shielded because
those platform innovations will continue to have iterative improvement made
to them in subsequent years and compromising on that foundational
innovation may put at risk those iterative product developments.
When it comes to your business, there are things that you need and things
that you want. Creating a manageable IT structure brings it down to the
bare essentials. However, with cybersecurity more is always better and in
the case of intellectual property, additional security is essential.
Although, there are different types of cybersecurity solutions, some of
them can help in protecting intellectual property. Authentication is
important for controlling and identifying user roles and by limiting and
tracking employee access; one can ensure that malicious users don’t gain
access to the systems. Data encryption is another way as encrypted data
means protected data. Even if it’s stolen, it cannot be accessed. Firewalls
and antivirus solutions can protect the network and the computer systems
respectively from potential threats and malicious actions. At times, it
might so happen that a security solution is a combination of two or more
solutions. Unified threat management is an umbrella term encompassing
several cybersecurity solutions in a single resource that identifies and
annihilates threats as they come in. Web filtering services can be
effectively used to counter data breaches by providing an extra layer of
security and hence protect employees from accidentally accessing
potentially harmful websites.
Manufacturing is the third most targeted industry for cyber attacks as per
reports testifying the same. Also, a large number of these attacks go
unreported as the manufacturing sector is not under the same obligation to
report breaches as the healthcare, financial services, and the retail
industries.
Cybersecurity training should be made mandatory for employees as the
attackers perceive manufacturers to be weak and hence, frequently target
the sector. The training coupled with effective cybersecurity
implementation by organizations can help them thwart cyber attacks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180928/f3729ddd/attachment.html>
More information about the BreachExchange
mailing list