By Dick Bussiere, Technical Director APJ, Tenable
Ransomware incidents are increasing among manufacturers in India and globally, with the industry emerging as the primary target for malicious actors. The attackers exploit the industry’s reliance on minimal downtime, extended equipment lifecycles, and outdated, less-supported software, posing significant risks to components in industrial control systems and operational technology networks. A mere 41% of Indian IT and security leaders express satisfaction with their Industrial Internet of Things (IIoT) and Industrial Control Systems (ICS) cybersecurity capabilities. Ransomware attacks on manufacturers lead to substantial financial losses. Fortune Global 500 manufacturing and industrial firms experience an average annual loss of 323 production hours per large plant, equating to $532,000 per hour or a staggering $172 million per year. As the new year unfolds, manufacturers in India must evaluate the risk posed by cyberattacks and carefully consider making investments in security technologies to safeguard their business.
Catch 22: Productivity versus cybersecurity
In contrast to IT systems, OT systems face significant challenges when operating non-OT-specific software, particularly due to the prevalence of legacy or outdated systems in many factories. The integration of Industry 4.0 technologies, such as IIoT, further amplifies the risk of performance slowdowns or crashes.
This dilemma creates a conflict for OT security professionals in shaping their security strategies. It becomes a catch-22 situation, compelling numerous manufacturers to prioritize productivity even if it comes at the expense of security. The resultant lack of security opens the door to ransomware attacks capable of disrupting systems and bringing production to a standstill.
The complexity is compounded by the fact that not all security solutions are designed with OT systems in mind. Manufacturing facilities host a diverse range of machines, including mixers, boilers, conveyor belts, laser cutting machines, and more, all in different stages of modernization under Industry 4.0. Additionally, IT devices (“IT in OT”) are an integral part of the vast majority of OT environments, yet many OT security solutions do not consider how important these IT in OT systems are in the overall operation of the plant.
For manufacturers seeking to invest in cybersecurity, it is crucial to consider solutions that provide enterprise-level visibility through hybrid discovery of both IT and OT assets. Those carrying responsibility for securing the plant should evaluate whether the chosen solution enables the discovery of both IT and OT assets, conducts vulnerability scans on IT devices, and employs querying to extract explicit details from OT devices using OT-specific protocols. Centralizing all information in an integrated platform simplifies the creation of asset inventory, offering a comprehensive overview of asset connections and facilitating the identification of asset relationships through a network map.
Preventive OT security
OT security professionals in the manufacturing sector grapple with the challenge of identifying system vulnerabilities. The array of disparate tools for OT security often concentrates on threat detection but lacks the functionality necessary for effective vulnerability management in OT systems. Cybersecurity extends beyond mere threat detection. Manufacturers require solutions that incorporate an AI-powered Vulnerability Priority Rating (VPR), a dynamic companion to the data provided by the vulnerability’s CVSS score, so that security professionals can pinpoint and address high-priority vulnerabilities proactively.
Holistic OT security solutions are adept at detecting changes in programmable logic controllers by detecting configuration modifications, code alterations, and firmware downloads. Additionally, these solutions detail alterations made from one configuration snapshot version to the next, enabling operators to revert configurations to their last valid state.
Effective OT security solutions should also be able to detect anomalous network activity, deviations from the network baseline, and indicators of compromise. Device-based threat detection ensures the discovery and profiling of dormant devices that may not actively communicate over the network. The amalgamation of these features significantly mitigates risks to critical assets, fortifying defenses and creating formidable barriers against breaches.
Ransomware remains a persistent threat, and in 2024, attackers are anticipated to intensify their assaults on manufacturers. Embracing preventive security measures enables manufacturers to foil ransomware actors by systematically identifying all potential entry points and vulnerabilities susceptible to unauthorized access or exploitation.
Preventive security measures, such as exposure management, provide manufacturers with insights into potential attack vectors, fostering communication and collaboration among relevant stakeholders in both IT and OT. Exposure management ensures manufacturers can effectively minimize risk by identifying potential attack routes. It facilitates early threat warnings, identifies insider threats and malware, and, by establishing the relationship between assets and users, categorizes risk levels.
This approach allows security teams to discern anomalies in traffic patterns, effectively recognizing and mitigating threats within their environments. Such a proactive approach minimizes the risk of downtime resulting from ransomware attacks. As India increasingly adopts Industry 4.0 technologies, manufacturers must prioritize cybersecurity due to the significant financial implications of a breach. Through strategic investments, manufacturers can safeguard their networks and control physical processes, ensuring proactive detection and real-time responses to cybersecurity incidents. Preventive security stands as a critical necessity for manufacturers aiming to outpace ransomware actors and maintain a vigilant stance against evolving threats.