How Industrial Manufacturers can Boost Multi-Site Security Posture and Performance

By Emmanuel Routier, VP Smart Industries, Orange Business.

  • 1 month ago Posted in

As industries work to cope with their business challenges, digital transformation, for certain players, is already a reality in the operations of the industry. There is no question that digitization brings immense improvements in operational efficiency that are essential to remaining competitive. However, a lack of properly planned OT/IT integration and management continues to leave some companies exposed to threats.

That has to change because ransomware attacks have surged in recent years, and the theft of intellectual property and proprietary data is high on the agenda for cybercriminals. At the same time, governments are mandating that industries strengthen their cybersecurity practices in line with the increased risk with edicts, such as the Network and Information Security 2 (NIS2) Directive, which comes into force this October. The directive focuses on strengthening requirements for incorporating cybersecurity into the DNA of organizations and bringing more industries, including manufacturing, into its scope.

The issue is that most industrial sites do not have the resources to achieve this. In this article, we explore how industrial organisations can assess OT risks, implement cybersecurity best practices in their production environments, and ensure network reliability and resilience.

The changing operational security landscape In our latest annual Security Navigator 2024 report, which analyses the complex environment of OT cybersecurity, we saw security incidents surge 30% year-on-year.

It found that criminals are the most frequent offender of OT cyber-attacks, dwarfing state, insider, hacktivist, third party contractors and unspecified hacker adversaries. Criminals perpetrate 61% of recorded OT cyberattacks, all of which were cyber extortion incidents and most involving ransomware.

By sector, manufacturing is by far the most affected industry by cyber-attacks. Manufacturing was the victim of more than half (58%) of all attacks and year-on-year the sector saw an increase of 42% in attacks. To put it in perspective, if cybercrime were a country, it would be the third-largest economy after China and the US.

What is interesting is that prior to 2020, insider and unspecified hacker adversaries were more common. The rise of double extortion in 2020 – the act of using ransomware to encrypt everything on a victim’s estate and threating to leak exfiltrated data too if further ransom was not paid – changed everything. Not only did criminal adversaries rise to the top, but the sectors affected changed from being a diverse group to being mostly manufacturing.

As well as criminal opportunities, more and more threat actors are politically or ideologically motivated, with the aims of espionage, sabotage, disinformation and extortion increasingly intertwined. Over the past two years, there has been an evident increase of activity in the hacktivism space.

Attacks from hacktivist groups involved in the war against Ukraine, siding with either Russia or Ukraine, have reached record-high levels, with Ukraine, Poland and Sweden the most impacted by the pro-Russian hacktivists. This upwards trend is being exacerbated further by other geopolitical events which have sparked the creation of new groups, most recently spawned following the latest developments in the Middle East. Europe is impacted by 85% of all hacktivist attacks, followed by North America (7%) and the Middle East (3%).

In summary, the report underlines the unpredictable environment we face today. All companies, especially industrial ones, need to take the security of their OT systems seriously. They should

continue to grow OT infrastructure and adapt to new technologies, but they also need prepare for new threat actors by anticipating, detecting, and containing attacks when they emerge.

Industrial networking transformed through innovation

Historically, industrial networks were isolated from the rest of the enterprise, and cybersecurity was not a priority. However, OT assets are more connected with the outside world now, yet with still little thought to their cybersecurity. There is a lot of enthusiasm for digitisation, but it has not been matched by the right level of security.

With third parties accessing physically or remotely, operational sites for maintenance being more and more exposed to cyberattacks and with the increasing use of IT technologies in industrial systems, cybercriminals have found easy ways in. It is no longer a case of ‘if’ but ‘when’ an attack will happen.

With the NIS2 directive in sight as well, industrial organizations must build networks with security top of mind. Under the directive it will be obligatory for management of organizations to take responsibility regarding their cybersecurity maturity. This will include having risk assessments conducted and approving risk treatment plans to be implemented, among other tasks. Failure to do so will result in stricter penalties too, including fines up to 10% of an enterprises annual turnover.

With a secure industrial network in place, industrial organizations can significantly reduce risk, ensure compliance, enhance their competitive edge, and benefit from the efficiencies that come with interconnecting environments. However, creating a secure industrial network requires organizations to understand IT networking, the constraints and specifics of industrial networks, how they should link into the infrastructure, and the security hygiene required to make them secure. Many organizations find they do not have the knowledge, tools, or skilled technicians in each site to achieve this. At the same time, they have invested in fragmented networks with multiple vendors that have been difficult to manage and control. Multiple vendors alongside interoperability issues have increased the risk vista.

You can’t secure what you can’t see

A secure industrial LAN should enable visibility into industrial IoT and industrial control systems (ICSs) so that IT and OT teams understand their OT security posture and can work together to implement best cybersecurity practices to maintain uptime and operational efficiency.

Industrial organisations can solve a big part of their risk by getting the industrial network and security sides right. Each industrial site is unique so there is no cookie-cutter approach to building a secure industrial network. However, the starting point for each site should be with a team of experts performing a security assessment to understand the health of the network and any vulnerability gaps before mapping a secure industrial LAN that matches business requirements.

Ultimately the best solution should be able to give a company effective control and supervision of its industrial network. Look for solutions that include network mapping and traffic monitoring, asset inventory, and the ability to extract security data – including real-time information on vulnerabilities, configuration errors, and security risks.

Choosing this one-stop-shop, single-vendor approach to secure industrial LAN enhances overall security and significantly reduces the total cost of ownership. This is a paramount consideration for many manufacturers working on extremely tight margins. In addition, security is built into the network, so there is no additional spending on hardware.

Looking ahead

Manufacturers can solve a big part of their risk by getting the industrial network and security sides right. Without it, they are easy targets.

As industries accelerate the digitisation of their operations that are essential for remaining competitive, they need a managed and secure solution for their industrial networks so they can scale their operations anywhere they are on the globe, improve resilience, and meet ever-growing cybersecurity regulations.

In today’s rapidly changing OT security landscape, industrial organisations need help deploying, managing, and securing their industrial networks worldwide. Look to partner with a provider of a secure industrial LAN service that is designed to address risks through a single service to enhances security posture while providing dependable connectivity in harsh environments.

By Richard Montbeyre, Chief Privacy Officer, BMC Software.
By Danny Kadyshevitch, Senior Product Lead, Detection and Response, Transmit Security.
By Andy Mills, VP of EMEA for Cequence Security.
By Muhammad Yahaya Patel, Security Engineer at Check Point Software.
By David Higgins, Senior Director, Field Technology Office at CyberArk.
By Scott Walker, CSIRT Manager, Orange Cyberdefense.
By Erik Scoralick, Senior Manager, Sales Engineering at Forcepoint.
By Frank Baalbergen, Chief Information Security Officer, Mendix.