The rapid convergence of enterprise IT and operational technology networks in manufacturing organizations has definitely caught the eyes of cyberattackers. According to a new report out today, manufacturing companies have started experiencing elevated rates of cyber reconnaissance and lateral movement from attackers taking advantage of the growing connectivity within the industry.
Developed by threat hunting firm Vectra, the "2018 Spotlight Report on Manufacturing" features data from a broader study of hundreds of enterprises across eight other industries. It shows that even though organizations in retail, financial services, and healthcare industries are more likely to experience reportable breaches involving personally identifiable information, manufacturing organizations outpace them in other areas of risk.
For example, the manufacturing industry is subject to a higher-than-usual volume of malicious internal behaviors, which points to attackers likely already having found footholds inside of these networks. In particular, during the first half of 2018 manufacturing firms had the highest level of reconnaissance activity per 10,000 machines of any other industry. This kind of behavior typically shows that attackers are mapping out the network looking for critical assets. Similarly, manufacturing was in the top three industries most impacted by malicious lateral movement across its networks.
All of these metrics indicate a heightened level of risk to manufacturing's bread-and-butter: uninterrupted operations and well-guarded intellectual property. According to the "2018 Verizon Data Breach Industry Report," 47% of breaches in manufacturing are motivated by cyber espionage.
Experts chalk up the increased risk to the industry's mass deployment of industrial Internet of Things (IoT) devices and the shift to what some tech pundits call Industry 4.0. As analysts at McKinsey, Deloitte, and others explain, we're in the middle of the fourth industrial revolution. The first started with steam-powered machines. The second came with the advent of electricity. The third occurred with the first programmable controllers. And now the fourth is occurring with increased connectivity, automation, and data-driven adaptivity of operation systems across manufacturing plants. Industry 4.0 delivers ubiquitous production and control to the business, but it also increases the risk of disruption by cyberattackers if automated and connected systems aren't sufficiently protected.
Unfortunately the industry's paradigms around protecting systems hasn't caught up with the changing realities of its attack surface. For example, the Vectra report explains how manufacturers traditionally used customized and proprietary protocols for connecting systems on the factory floor. That in and of itself kept the bar of entry for cybercriminals pretty high. But that trend is changing as more IoT devices have utilized standardized protocols.
"The conversion from proprietary protocols to standard protocols makes it easier to infiltrate networks to spy, spread, and steal," the report states.
Additionally, manufacturers tend not to implement strong security access controls on certain systems for fear of interrupting the flow of lean production lines. All of this is adding up to heightened levels of risk.
"The interconnectedness of Industry 4.0-driven operations has created a massive attack surface for cybercriminals to exploit," says Chris Morales, head of security analytics at Vectra.
- 7 Tools for Stronger IoT Security, Visibility
- Anatomy of an Attack on the Industrial IoT
- Industrial Safety Systems in the Bullseye
- Schneider Electric: TRITON/TRISIS Attack Used Zero-Day Flaw in Its Safety Controller System