The manufacturing industry’s security epidemic needs a zero-trust cure

Manufacturers’ tech stacks and industrial control systems (ICS) were designed to deliver speed and transaction efficiency first, with security as a secondary goal. Nearly one in four attacks targeted manufacturers in the last year. Ransomware is the most popular attack strategy, and 61% of breaches targeted operational technology (OT)–connected organizations.

IBM Security’s X-Force Threat Intelligence Index 2022 states that, “Vulnerability exploitation was the top initial attack vector in manufacturing, an industry grappling with the effects of supply chain pressures and delays.”

Cyberattacks are a digital epidemic sweeping manufacturing, costing businesses millions in revenue and hours of lost production time. Manufacturing accounted for 68% of all industrial ransomware incidents in the third quarter of this year. On top of that, Dragos discovered that manufacturers suffered seven times more industrial ransomware incidents than the food and beverage industry. Forty-four percent of manufacturers had to temporarily shut their production lines down due to a cyberattack earlier this year.

Why manufacturing is the top target 

Threat actors see supply chain attacks as ransom multipliers that can generate millions of dollars in just days. That’s because disrupting manufacturing supply chains strikes at the heart of a manufacturer’s ability to meet customer orders and grow revenue. Many manufacturers quietly pay the ransom because they have no other choice.

Another reason manufacturers are a top target is that their tech stacks are often built on legacy ICS, OT and IT systems that were streamlined for production speed, shop floor efficiency and process control — with security often a secondary priority.

Limited visibility across OT, IT, supply chain and partner networks is another primary reason manufacturers are getting breached so often. Trend Micro found that 86% of manufacturers have limited visibility into their ICS environments, making them an easy target for a wide variety of cyberattacks. A typical ICS is designed for process optimization, visibility and control. As a result, many have limited security in place. 

Most ICS systems rely on air gaps as the first line of defense. Ransomware attackers are using USB drives to deliver malware, jumping the air gaps that industrial distributors, manufacturers and utilities rely on for that first line. Additionally, 79% of USB attacks can potentially disrupt the operational technologies (OT) that power industrial processing plants, according to Honeywell’s Industrial Cybersecurity USB Threat Report, 2021.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert earlier this year warning of attacks targeting ICS and SCADA devices.

The average damage from a manufacturing breach is $2.8 million. 89% of manufacturers who have suffered a ransomware attack or breach have had their supply chains disrupted.

Many manufacturers targeted by ransomware attacks have either had to temporarily cease operations to restore data from backup, or chosen to pay the ransom. They include Aebi Schmidt, ASCO, COSCO, Eurofins Scientific, Norsk Hydro, Titan Manufacturing and Distributing, and many others who decide to remain anonymous. A ransomware attack on A.P. Møller-Maersk, one of the world’s largest shipping networks, is considered the most devastating cyberattack in history.

Pursuing zero trust: A must for manufacturers 

The manufacturing industry must overcome the misconception that Zero Trust Network Access (ZTNA) frameworks are expensive, time-consuming and technologically challenging to implement. However, as they create a business case for zero trust complete with multicloud configurations factored in.

When choosing a solution, IT must be aware that cybersecurity vendors sometimes misrepresent their zero-trust capabilities, often confusing potential clients about what’s needed and what the vendor’s offering can do. The NIST provides a series of cybersecurity resources for manufacturers. 

Start with multifactor authentication (MFA) across every endpoint

Improving endpoint security is crucial for manufacturers, as every transaction they rely on to receive and fulfill orders passes through endpoints. Forrester’s report The Future of Endpoint Management defines the six characteristics of modern endpoint management challenges.

Andrew Hewitt, the report’s author, told VentureBeat that when clients ask what’s the best first step they can take to secure endpoints, he tells them that “the best place to start is always around enforcing multifactor authentication. This can go a long way toward ensuring that enterprise data is safe. From there, it’s enrolling devices and maintaining a solid compliance standard with the UEM tool.”

ZTNA frameworks need to start with endpoints

Unfortunately, most mid-tier manufacturers’ IT staffs are already short-handed, making defining and implementing a ZTNA framework a challenge. A business case to pursue ZTNA-based endpoint security must be based on measurable, quantifiable outcomes. Cloud-based endpoint protection platforms (EPPs) provide an efficient on-ramp for enterprises looking to get started quickly. EPPs also increasingly support self-healing endpoints.

Self-healing endpoints shut themselves off; re-check all OS and application versioning, including patch updates; and reset themselves to an optimized, secure configuration. All these activities happen without human intervention. Absolute Software, Akamai, CrowdStrike, Ivanti, McAfee, Microsoft 365, Qualys, SentinelOne, Tanium, Trend Micro and Webroot have delivered self-healing endpoints to enterprises today.

A manufacturer’s security perimeter is identities and data

Every identity is a new security perimeter in the supply chain, across sourcing networks, service centers and distribution channels. Manufacturers need to adopt a ZTNA mindset that sees every human and machine identity outside their firewalls as a potential threat surface. That’s why, for manufacturers just starting with a ZTNA framework, finding a solution with Identity and Access Management (IAM) integrated as a core part of the platform is a good idea, and it’s essential to get IAM right early. Leading cybersecurity providers that offer an integrated platform include Akamai, Fortinet, Ericom, Ivanti and Palo Alto Networks. Ericom’s ZTEdge platform combines ML-enabled identity and access management, ZTNA, micro-segmentation and secure web gateway (SWG) with remote browser isolation (RBI). 

Remote browser isolation (RBI) solves manufacturers’ challenges in securing internet access

RBI is a perfect solution for manufacturers pursuing a ZTNA-based approach to protecting every browser session from intrusions and breach attempts. RBI doesn’t force an overhaul of tech stacks, it protects them, taking a zero-trust security approach to browsing by assuming no web content is safe.

Leaders in RBI include Broadcom, Forcepoint, Ericom, Iboss, Lookout, NetSkope, Palo Alto Networks and Zscaler. Ericom is noteworthy for its approach to zero-trust RBI by preserving the native browser’s performance and user experience while hardening security and extending web and cloud application support.

The future of zero trust in manufacturing 

Cyberattackers have learned to target manufacturing businesses for maximum impact, asking for millions of dollars in ransom payments to return data and operable systems. Locking up a supply chain with ransomware is the payout multiplier attackers want because manufacturers often pay up to keep their businesses operating.

That’s why the manufacturing industry needs to consider how to move quickly on zero trust. Implementing a ZTNA framework doesn’t have to be expensive or require an entire staff. The resources listed in this article are an excellent place to start. Gartner’s 2022 Market Guide for Zero Trust Network Access is another valuable reference that can help define guardrails for any ZTNA framework. With every identity and a new security perimeter, manufacturers must make ZTNA a priority going into 2023. 

Resources mentioned in this article: