As we have discussed in great detail on our blog, the Internet of Things (IoT) has changed how manufacturers operate. While the move is undoubtedly positive, offering numerous benefits, the increased use of connected devices has made manufacturers more vulnerable to cyberattack.
Whereas in the past, computers may have played a small part in a manufacturer’s day-to-day operations, these internet-enabled devices have created a greater surface area for attacks. A report by Kaspersky Lab found that in the first half of 2017, almost a third of all cyberattacks were targeted at manufacturers.
Each connected device that joins your network essentially becomes a potential entry point for hackers and cybercriminals. You wouldn’t go out and leave your front door unlocked, yet many manufacturers are failing to put the proper security controls in place to lock down these entry points.
So why is manufacturing becoming such a prominent target? There are a number of reasons behind such an attack, from stealing intellectual property that will allow other companies to replicate a successful product to finding out about a company’s trading partners. The attacks could potentially be used by terrorists or other countries to disrupt or sabotage the production process.
There have been many examples of manufacturing cyberattacks, with some having a greater impact than others. For example, one attack on a German steel mill rendered the company unable to shut down the furnace and prevent a meltdown from occurring, while Japanese manufacturers have long been battling with the ‘Bronze Butler’ hacking group who want to illegally access IP and other confidential data.
While many manufacturers have integrated technology into how they operate, manufacturing overall still lags behind industries such as finance in its commitment to cybersecurity. But as more cybercriminals take aim at the industry, it's critical that manufacturers take action to safeguard their business, both now and in the future.
Here are two key considerations to make when it comes to protecting your IoT devices against cyberattacks:
How will you ever know what’s going on with your systems if you don’t have visibility? Often, this visibility is only achieved when it’s too late — and the hackers have already got what they wanted.
To begin, you need to know all of the potential entry points to your business, so start by creating an inventory of them. Remember that anything connected to your network can be used as a way in for criminals. As well as the physical PCs you use on a daily basis, consider machine sensors, CCTV cameras and any other devices that employees may be using, especially if you have instilled a BYOD culture.
You may think there is little threat to be had from infiltrating a CCTV camera, yet there have been many examples where these seemingly harmless devices have been used to gain access to a wider system. For example, one casino fell victim to hackers through a connected fish tank!
Such an inventory can be created through a physical inspection of the devices connected to the network or by using network profiling technology. Of course, as your network evolves, it’s important that you keep track of what is connected in the future to ensure you can put the correct safeguarding procedures in place.
You should also establish a baseline of network activity, which outlines the average usage patterns and device behaviours. This will allow you to detect any changes or spikes that could be due to a cyberattack; spotting them is much more difficult without an initial baseline in place. Of course, the baseline needs to be updated in line with the new devices that join your network.
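As an added illustration (not part of the original article), the Python sketch below combines the two steps above: it checks one hour of observed traffic against a device inventory and a per-device baseline. The MAC addresses, byte counts and the three-standard-deviation threshold are constructed assumptions, not values from any real network.

```python
from statistics import mean, stdev

# Constructed inventory: MAC address -> device description (assumed values).
INVENTORY = {
    "00:11:22:33:44:01": "press-line sensor",
    "00:11:22:33:44:02": "CCTV camera",
    "00:11:22:33:44:03": "office PC",
}

# Constructed history: bytes sent per hour during normal operation.
HISTORY = {
    "00:11:22:33:44:01": [1200, 1150, 1300, 1250, 1180, 1220],
    "00:11:22:33:44:02": [50000, 52000, 49500, 51000, 50500, 49000],
    "00:11:22:33:44:03": [800000, 950000, 700000, 900000, 850000, 780000],
}

def build_baseline(history):
    """Return {mac: (mean, stdev)} of hourly bytes for each known device."""
    return {mac: (mean(v), stdev(v)) for mac, v in history.items()}

def review_hour(observed, inventory, baseline, k=3.0):
    """Compare one hour of traffic ({mac: bytes_sent}) with inventory and baseline.

    Returns a sorted list of (mac, finding) pairs.
    """
    findings = []
    for mac, sent in observed.items():
        if mac not in inventory:
            findings.append((mac, "not in inventory"))
        elif mac not in baseline:
            # Newly inventoried device: the baseline has not caught up yet.
            findings.append((mac, "no baseline yet"))
        else:
            avg, sd = baseline[mac]
            if sent > avg + k * max(sd, 1.0):
                findings.append((mac, "traffic spike"))
    # Inventoried devices that went silent are worth a look as well.
    for mac in inventory:
        if mac not in observed:
            findings.append((mac, "silent"))
    return sorted(findings)

# Constructed observation: the camera is unusually busy, the office PC is
# absent, and an unknown device has appeared on the network.
OBSERVED = {
    "00:11:22:33:44:01": 1210,
    "00:11:22:33:44:02": 400000,
    "66:77:88:99:aa:bb": 3000,
}

if __name__ == "__main__":
    for mac, finding in review_hour(OBSERVED, INVENTORY, build_baseline(HISTORY)):
        print(mac, finding)
```
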
Following on from visibility is control. This involves considering the security capabilities of the devices themselves, of the network more widely, and of your internal security practices and protocols. Key areas of focus include:
- Segmentation — segmenting your network and devices is a safeguarding method which means that, should unauthorised access be gained through one device, it can be contained, limiting how far access can spread. This can be done by using separate virtual local area networks (VLANs) or subnets with access control lists (ACLs).
- Firewalls — firewalls and proxy devices should be established to safeguard devices and protect the rest of the network should infiltration occur.
- Custom configurations — it seems obvious, but changing passwords, ports and protocols from the device’s default set-up is important. Don’t underestimate the intelligence of the hackers — this is a common access point in hacking instances.
- Up-to-date — software and operating systems will need to be continuously updated to eradicate bugs and vulnerabilities that potential hackers could use to access your systems if left unaddressed. Stop clicking remind me later!
- Regular security assessments — keep a close eye on the security of your devices over time, carrying out risk analysis at regular intervals.
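To show what the segmentation point buys you, here is an added example (not from the original article) that evaluates the same set of connections against a flat "permit everything" rule set and against a segmented one. The subnets, ports and rules are constructed assumptions, and the first-match evaluation is a simplified model of how ACLs are typically processed.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption): IoT VLAN 10.10.20.0/24,
# office VLAN 10.10.10.0/24, data-collection VLAN 10.10.30.0/24.
# Each rule: (action, source net, destination net, port or None for any).
FLAT_ACL = [("permit", "0.0.0.0/0", "0.0.0.0/0", None)]
SEGMENTED_ACL = [
    ("permit", "10.10.20.0/24", "10.10.30.10/32", 8883),  # sensors -> collector only
    ("deny", "10.10.20.0/24", "0.0.0.0/0", None),         # nothing else leaves the IoT VLAN
    ("permit", "10.10.10.0/24", "10.10.30.0/24", 443),    # office -> dashboards
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),             # explicit default deny
]

def evaluate(acl, src, dst, port):
    """First matching rule wins; no match at all means deny."""
    for action, src_net, dst_net, rule_port in acl:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and rule_port in (None, port)):
            return action
    return "deny"

def reachable_from(acl, src, targets):
    """Return the (dst, port) pairs in targets that the ACL lets src reach."""
    return [(d, p) for d, p in targets if evaluate(acl, src, d, p) == "permit"]

# Constructed connections to audit, starting from a camera on the IoT VLAN.
CAMERA = "10.10.20.15"
TARGETS = [
    ("10.10.10.5", 445),    # office file share
    ("10.10.10.5", 3389),   # office remote desktop
    ("10.10.30.10", 8883),  # data collector (MQTT over TLS)
    ("10.10.30.20", 22),    # another host in the data-collection VLAN
]

if __name__ == "__main__":
    print("flat:     ", reachable_from(FLAT_ACL, CAMERA, TARGETS))
    print("segmented:", reachable_from(SEGMENTED_ACL, CAMERA, TARGETS))
```

With the flat rule set every listed service is reachable from the camera; with the segmented one only the data collector is, which is the containment the bullet describes.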