December 10, 2020

Information Security Risks Specific to the Manufacturing Sector.

Overview

An attack on a Corporation is one thing. An attack on an Operational Plant is another. Everyday thousands of attacks are targeted towards one of the most least reliable industries when it comes to Cyber Security: Manufacturing.

The theft of Intellectual Property (IP), blueprints, trade secrets or design & architecture can allow for global competitors to take advantage of a business by creating the same products and selling them cheaper placing a company on the verge of collapse. Automated Logistics, Supply Chain, Distribution and especially and The Internet of Things (IoT) systems can place a serious risk on any business if compromised. To provide assurance, integrity and protection, the proper defense protocol must be launched.

In a 2017 research by Verizon revealed that “while across all industries most cyberattacks are opportunistic, 86% of attacks in manufacturing are targeted. Almost half (47%) of breaches involve theft of intellectual property (IP) to gain competitive advantage, with trade secrets the most common data type breached in manufacturing companies.”

In 2019, almost 50% of manufacturing companies in the UK reported that their organizations had fallen victim to cybercrime, making manufacturing one of the top three most targeted sectors for cybercriminals. Moreover, Modern Manufacturing networks, systems and applications are less secure and protected than traditional manufacturing systems, while cyber hacking threats to the Industrial IoT are rapidly increasing. Automotive manufacturers were on the top of targeted manufacturing, accounting for almost 30% of the total attacks against the manufacturing industry in 2015, according to IBM3. This was demonstrated in 2010 when the computer worm Stuxnet sabotaged an Iranian uranium enrichment infrastructure. Moreover, manufacturers in the aviation, food service, polymers electronics space have also seen a significant spike in cybercrime. And as the United States Department of Homeland Security has identified, the manufacturing sector is the leading target of infrastructure cyber-attacks, accounting for one third of total attacks  .

The Bottom line: Cybercrime hackers are targeting Manufacturing Companies due to their lack of Security.

At Apply GRC, we take hacking very seriously.Our subject matter experts with years of experience in in the industry understandthe intangibles and variables to the networking at Manufacturing companies. Werecognize the environment, delicate scenarios and complex infrastructurewhich can make implementing proper security controls tedious. We’re aware ofdollars and cents, cost-effectiveness and the value of proper investment.That’s why Apply GRC doesn’t just consult and simply provide a findings reportfor our customers. We assess, analyze, test, and deploy the right securitycontrols. We instruct  customers so theycan take our program and successfully run it on their own. We’re as much aboutsolving as we are teaching. Partnership, Trust, Reliability.

 

Apply GRC Solutions:

ISO 27001 Assessment: The: The Gold Standard in assessment. ISO 27000 family of standards helps organizations secure information assets and ISO 27001 is the best know standard that provides requirements for an information security management system. Apply GRC conducts a full assessment and test against the most recognized framework in the business. Our Security team will create an assessment and provide advisory consultation that will create a security strategy that can help understand the vulnerabilities and issues on networks, systems and IoT. In addition, we provide cost-efficient tactics to utilize your security tools which exist to stabilize dollars recommending only to purchase solutions when and if needed.  

If your company works with NIST, HITRUST or GMP Industrial Cyber Security, not a problem. We help you assess your security-based on these frameworks. A discussion with our cybersecurity experts will help you determine the best direction.

Penetration& Segmentation Testing: Penetration Test, also known as an Attack & Penetration Test, or simply ‘Pen Test’, is a simulated cyber-attack against a network and/or system to check and assess for exploitable vulnerabilities. In the context of externally facing applications, better known as Web Applications, Penetration Testing is commonly used to augment a web application firewall (WAF).

Segmentation Testing is a penetration test used to verify less-secure networks are not able to communicate with high-secure networks. High-secure networks usually maintain databases with records of critical information or intellectual property(IP) that must be accessed when needed. In a nutshell, Segmentation Testing provides assurance that existing controls are in place to segment your business accordingly and security findings are identified.

Apply GRC takes a triple approach to both these tests especially for manufacturing which has tiers and/or segments between three major areas:

1.      External Access—users who access the network remotely to conduct business or maintain operations.

2.      The Network—systems and servers which provide operational execution of machinery, the functional measurement or health check of equipment and the preservation, protection and access of data.

3.       IoT and Shop Floor Devices—Equipment, machinery, thermostats, cooling units, heating systems, operational components, etc. that are a part of the development in manufacturing a product on the ‘shopfloor’ of a plant or business center.

All three areas are intertwined and work together to create a holistic process which produce the output. All three are vital to the growth and success of a manufacturing plant. Apply GRC assesses all areas, determines their interdependence and identifies the security leaks and vulnerabilities. Once the assessment is complete, Apply GRC provides a findings report, then trains staff and teams to recognize and understand how to mitigate risk independently and to manage segmentation only allowing authorized access.  

GMP IoT and ICS TestingGMP is good Manufacturing Practices, an industry recognized benchmark to highlight process and procedures that can establish strong standards. With the Internet of Things (iOT) and Industrial Controls Systems (ICS) increasing significantly at industrial plants and manufacturing centers, the ability for cyber attacks to occur on unmonitored, unprotected IoT is staggering. In a recent May 2020 article by Pipeline Security, it highlighted “57% of IoT devices are at high risk of cyberattacks. Cyberattacks on those devices can lead to serious economic and reputational consequences for any institution and company using it.”  In fact, IoTs are now being attacked by Botnets, very similar to the same devices which have attacked corporate networks. Botnets area cluster of networks of computer devices that have been hijacked and are used to carry out countless scams and cyberattacks. Botnets have long been a cheap way for hackers and spammers to cause havoc on the internet, and nation-state-backed groups also have shown a willingness to employ them. The proliferation of Internet of Things (IoT)devices has only made the tactic easier. In May of 2018, the FBI seized a domain used to communicate with 500,000 infected routers, accusing the botnet on a Russian-government-linked hacking group known as Fancy Bear.

Likewise, the impact of cyber-attacks on Industrial Control Systems are dangerous. As TrendMicro’s illustration demonstrates, security threats and risk against factories, even those which haven’t turned 100% ‘smart’ is detrimental.

         

‘Apply’ Apply GRC

Whether it’s a review of security controls through detailed risk assessments, or testing of the three Industrial and Manufacturing areas, Apply GRC provides Cyber and IT security by providing the best deliverables with critical action that result in cost-effective value. We focus on the problems, targeting issues and remediation persuasion to purchase products and invest in expensive security controls. We understand cost has an impact on everything. We try to eliminate as much spending as possible by focusing on the existing tools that are usually very underutilized so that your dollars go to the most critical of assets and operations. Trust, Educate, Cost-Effectiveness, Value. That’s Apply GRC.

Go Back