2021 highlighted the need to secure industrial facilities and critical infrastructure, and firms are implementing plans to improve security. After the Colonial Pipeline incident, Department of Homeland Security(DHS) issued a security directive requiring pipeline companies to report cyber incidents to federal authorities. In addition, DHS implemented mandatory rules for how companies must protect their systems against cyberattacks and the steps they should take if a breach occurs. Most of the actions taken by the Federal Government and by firms has been reactive rather than preventative.
In 2022, manufacturers will continue to be a target for bad actors. Highlighted below are the top 5 OT risk trends facing the manufacturing industry:
1. Principle of Least Privilege
The Principle of Least Privilege states that users should be given only those privileges needed for it to complete their roles and responsibilities. One consistent OT cybersecurity weaknesses that has been observed is that manufacturing firms have not implemented policies and procedures to ensure that Principle of Least Privilege is adequately enforced. In an industrial environment, this can manifest in the form of systems or users which are granted excessive privilege beyond the minimum required to complete their assigned task. This increases overall risk.
2. Supply Chain Risk Management
Supply chains today were quickly formed in response to market opportunities. However, this rapid adaptation has increased the risk of disruption to the industrial manufacturing process resulting from cyberattacks. Excessive vulnerability and malicious functionality can be introduced by poor manufacturing and development practices within the cyber supply chain. Most organizations have not conducted regular IT security assessment of their organizations’ main suppliers. In addition, most organizations have not adequately quantified the risk introduced by supplies to determine which suppliers present the greatest amount of cybersecurity risk to the organization. Worse still, many organizations do not even include cybersecurity requirements in their contracts with their suppliers at all.
3. Patch Management
Patch management is a critical practice for ensuring that OT systems are secure. It is a process that uses “patches” – modifications to existing software – to ensure that errors and vulnerabilities are corrected by remediating issues identified within operating systems, network equipment, software products, and applications. An effective patch management program helps organizations prevent cyber-attacks, as well as improves the performance of their software. However, many firms do not have an adequate process to prioritize patches and implement patches in a timely manner, which increases risk.
Phishing is the practice of sending targeted digital messages to trick people into clicking links or downloading attachments that can then install malware or expose sensitive data. Most organizations are aware of the dangers of clicking on suspicious-looking links and attachments. However, bad actors are using machine learning to quickly draft and send messages that look like legitimate communication, which reduces the effectiveness of user awareness controls. These attacks often take the form of ransomware, malicious software that can render critical assets unavailable unless hefty ransoms are paid. This attack exploits inadequate network segmentation to leverage lateral movement to expand its reach.
5. Security Configuration Management
Security configuration management is the process of monitoring the settings of an information system with the goal of increasing security. An adequate security configuration management program identifies and prioritizes misconfigurations in a timely manner. Misconfigurations can lead to a host of problems, including poor system performance, noncompliance, inconsistencies, and security vulnerabilities. Most firms do not have an adequate process for monitoring the configuration of their information systems in a way that ensures that the systems are hardened.
As OT continues to expand its prominence in the manufacturing industry, the cyber risk resulting from the incorporation of this technology continues to expand as well. It is critical that organizations proactively respond to this risk by implementing appropriate controls to safeguard their environment. As the threat landscape evolves, so must organizations adapt with modernized security solutions.
Assume Breach approach across our Agentless Segmentation, Secure Asset Access, and Ransomware Kill Switch limits the trust placed in applications, services, identities and networks by treating them all—both internal and external—as not secure and probably already compromised.
Airgap provides a single console zero-trust policy framework to apply comprehensive network security controls across an organization and prevent the lateral spread of ransomware and cyber breaches. With per-device granularity, Airgap agentless segmentation allows network security teams to apply dynamic network security policy, limiting East/West traffic to only that which is necessary to do business, and enabling network administrators to update enterprise-level security policy with a single click.
To learn more about how Airgap solutions can take your network security to the next level, please visit https://airgap.io/contact-us.