Curbing cyber threats within manufacturing sector

July 22, 2014 5:18 pm

This article highlights the impact of cyber attack on manufacturing sector and the preventive measures
 The manufacturing sector in India is growing at an unprecedented pace. According to global management consulting firm, McKinsey, India’s manufacturing industry could touch $ 1 trillion by 2025. But with growth, comes several risks as well. The manufacturing sector is increasingly becoming an easy target for cyber crimes. The impact of cyber attack on manufacturing operations is colossal and can lead to unexpected downtime, illegal use of systems, loss of proprietary information, financial loss and worse. Cyberespionage is identified as a top security threat to the manufacturing Industry.
According to Verizon’s recently released 2014 Data Breach Investigations Report (DBIR), cyberespionage topped the list of online security threats to the manufacturing industry last year followed closely by distributed denial-of-service and web-application attacks. In fact, 54 per cent of all manufacturing attacks examined were attributed to cyberespionage which the report defines as incidents that were perpetrated by or linked to state-affiliated infiltration.
And though cyberespionage was the top culprit of attacks on manufacturers, the DBIR data also revealed that organised crime rings, competitors and current and former employees were complicit as well. Further, this year’s report illustrated how manufacturers were targeted for their intellectual property, technology and business processes.
So just how did state-affiliated actors infiltrate the network ecosystems of manufacturers? The majority of the attacks, 67 per cent, were carried out by phishing schemes in which deceptive e-mails are designed to trick an employee into giving up proprietary information. In addition, Strategic Website Compromises, in which websites of importance to a business are breached to distribute malware, inflicted their share of damage as well.
Given such pervasive threats, what can manufacturers do to safeguard their often complex operations against these types of attacks?
The DBIR breaks down tips in its cyberespionage category into basic blocking and tackling and more specific practices that can help protect against attacks of this nature which tend to be very sophisticated and well-financed. Let’s start with some basics:• Secure your software: Exploiting vulnerabilities in browser, operating system and other third-party software is an easy initial step that attackers use to infect systems. Keeping security patches up to date should be table stakes for preventing infiltration and will make these types of ‘gateways’ tougher to breach.• Maintain anti-virus software: Though deploying and maintaining anti-virus software may sound ‘old school’, the DBIR experts stand by the importance of this practice for detecting application anomalies and other malware.• Educate your employees: Train your employees to recognise suspicious activity and help keep security measures active.• Segment your network: Segmenting networks helps to contain incidents and protect the rest of the ecosystem from being infiltrated.• Keep good records: Maintain accurate logs by logging all system, network and application activity.
Moving onto more prescriptive measures that organisations can take if they are concerned with state-affiliated attacks, the DBIR recommends the following practices which can better isolate key network locations for an attack and give victim organisations the best defence opportunities:• Aggressively defend against Phishing attacks: Focus on a solution that can effectively combat e-mail phishing attacks by expanding beyond spam detection and block lists into ‘header analysis,’ ‘pattern matching’ based on past samples and ‘sandbox analysis’ of attachments and links included in the e-mails.• Track ‘Command and Control’ (C-2) and data exfiltration activity: Monitor and filter outgoing traffic for suspicious connections and exfiltration of data to remove hosts. Also monitor your DNS connection which represents one of single best sources of data across an organisation.• Prevent lateral network movement: Though network segmentation and containment was previously mentioned in the basics, the DBIR experts stress that doing this well can be challenging. Defence practices such as two-factor authentication can help contain the widespread and often uncontested re-use of user accounts.
Lastly, and not unexpected, Manufacturing industries are also targeted for their intellectual property, technology, and business processes.
Intellectual property (IP) is one of the most valuable business assets you have. Lose it and you could lose that secret ingredient that sets you apart from your competitors.
Leveraging insider help — whether malicious or accidental, through phishing or some other form of social engineering — is common in IP data breaches. But if an attacker can’t get an insider to help, stealing their credentials will work just as well — malware and hacking techniques dominated the top spots in our list of most common attack vectors. Regardless of how they gain unauthorised access, attackers will always want to expand and retain it. That’s where system utilities and backdoors come into play.
There’s no silver bullet that can guarantee protection against IP theft. The diversity, complexity, and ingenuity of tactics preclude a one-size-fits-all solution. Given that, a few recommendations are listed below.• Use pre-employment screening to help reduce the risks of internal problems later. And don’t give users more privileges than they need.• Educate employees about social engineering. We often see users clicking on links they shouldn’t and opening attachments received from unidentified senders. Consider rewarding users to create the incentives necessary for vigilance.• Implement time-of-use rules and “last logon” banners.• Consider two-factor authentication, IP blacklisting, and restricting administrative connections (e.g., only from specific internal sources). • Monitor and filter network egress traffic. By understanding and controlling outbound traffic you will greatly increase your chances of mitigating malicious activity.• Enable application and network logs and monitor them. All too often, evidence of events leading to breaches was available but it was neither noticed nor acted upon. • Identify what’s critical and what constitutes normal behaviour, and then put mechanisms in place to sound the alarm upon deviations from expected norms.• Focus on the obvious things rather than the minutiae. A simple script that counts log file length and alerts administrators to exceptions can be pretty effective and save time, effort and money