Azeem Aleem, Vice President Cyber Security Consulting: Global Digital Forensics and Incident Response Lead, NTT UK&I.
Over the last two years, the cost of ransomware attacks has snowballed to millions of pounds[1], disrupting countless operations, particularly within manufacturing. The cold fact is that the manufacturing industry accounts for 29% of all cyber-attacks in the UK and Ireland[2] – making it the most vulnerable sector. Manufacturing organisations are now seeking to improve their baseline security maturity through secure by design approaches, to ensure cybersecurity is built into all levels of the core business decision-making.
There are three key focus areas for manufacturers to consider in their move to become secure by design.
1: Detection and design
Understanding your organisation’s current cybersecurity maturity and vulnerabilities, together with planning your mitigation strategies, are key to improving your cybersecurity posture. Operational Technology (OT), is often built on legacy systems and adapted over time which can provide points of entry for attackers, bringing risk to the organisation. Two critical steps in the planning process that will help guide your cyber risk prevention strategy, include quantifying your risk, and prioritising your key systems.
Quantify your risk: Measuring the risk to your business and assessing where your vulnerabilities lie is crucial. Manufacturers have a complicated supply chain, creating an eco-system of security risk that needs to be managed. By establishing visibility across your complex network and assessing the impact of your risk exposure, you’ll better understand the security risks posed by your supply chain. Then appropriate levels of protection can be agreed as part of your strategic enterprise risk management and mitigation activities.
Prioritise your key systems: It’s impossible to apply the same level of protection to every application, device or network at the same time. Instead, prioritise security policies and controls based on business value or impact. Once the risk has been quantified and you establish a better understanding of which systems most affect revenue, mission, organisational reputation and regulatory compliance, you can prioritise controls in-line with business objectives.
2: Incident response
This step of cyber risk mitigation is essential. Putting an incident response (IR) plan in place is a key component in achieving business resilience.
Within manufacturing, the primary objective of an IR plan is the continuous operation, visibility and safe management of the environment. If all your metrics and controls are working but failure creeps in through a supplier’s system, the impact on production can be enormous. Recently, we’ve seen several ransomware attacks being carried out on manufacturers including pharmaceutical companies at the forefront of COVID-19 vaccine research and development. If successful, these attacks could have had wide-spread, devastating impact, setting back operations, production and compromising valuable data.
In the case worked by NTT’s Digital Forensics & Incident Response (DFIR) Team, an IR plan was in place, ensuring the affected organisation rapidly detected the threat to the access points and providing quick and efficient remediation.
3: Metrics
To improve your cybersecurity maturity, you need to know where you’re starting from. Ultimately, metrics are just numbers. However, the context surrounding them and how they’re used can drive improvement to security programmes. Gathering metrics enables you to take stock and address exactly what you want to achieve and evaluate your progress towards your goals – improving security maturity and being secure by design.
Continuous improvement
Systematically collecting, evaluating and adapting to threat intelligence is critical to success. Automation will need to be part of your strategy, as no organisation has the resources to manually manage a risk programme, nor perform continuous security event and incident monitoring.
Conclusion
It’s critical for UK and Ireland manufacturing organisations to reduce risk and align to their business priorities. Keeping OT environments secure takes time, resources and effort. You need visibility into the risks across your OT and IOT environments, to help protect all your assets, including the non-standard software, protocols, and devices. Efficient planning – from understanding your organisation’s goals, to identifying acceptable risk – through to establishing a clear IR plan and building cyber-resilient capabilities are essential to accomplishing your security goals.
Cyber criminals are ruthlessly targeting the production, research, intellectual property and logistics capability of manufacturers, even those engaged in the battle against COVID-19. At NTT, we know the challenges the manufacturing sector faces, and work closely with our clients in this sector to strengthen their defence against physical and cyber vulnerabilities.
To find out more, visit: https://bit.ly/3pPXQnt
[1] https://blog.emsisoft.com/en/36534/state-of-ransomware-in-the-us-report-and-statistics-for-q1-and-q2-2020/
[2] Infographic: Manufacturing cyber-resilience matters, NTT Ltd.