McAfee: mitigating cyberthreats due to digitalisation
The facts and figures
The rapidly expanding threat landscape combined with increasing digitisation across the manufacturing industry creates more potential attack vectors:
- McAfee’s latest Cloud Adoption and Risk Report revealed that between January and April 2020, enterprise use of cloud in the manufacturing industry spiked by 144%, compared to the average overall enterprise increase of 50%.
- External attacks on cloud accounts increased by 630%, with manufacturing verticals seeing a 679% increase in threats, making it one of the most affected sectors.
- A previous report from McAfee – Grand Theft Data II – The Drivers and Shifting State of Data Breaches – revealed that IT security professionals across all sectors, including manufacturing, are still struggling to fully secure their organisation and protect against breaches, with 61% claiming to have experienced a data breach at their current employer.
- Data breaches are getting more serious and are under greater scrutiny – nearly three-quarters of all breaches have required public disclosure or have affected financial results.
- One major issue highlighted in the report is that security technology continues to operate in isolation, with 81% reporting separate policies or management consoles for cloud access security broker (CASB) and data loss prevention (DLP), resulting in delayed detection and remediation actions.
Insights from Mo Cashman, Principal Engineer at McAfee
Why is collaboration and shared responsibility important for improving overall governance in the manufacturing industry?
“We often see blurred lines when it comes to responsibility for data security, cybersecurity and compliance in the manufacturing space. Unfortunately, lack of clarity about who owns what as part of a shared responsibility model means Information Technology (IT) and Operational Technology (OT) convergence is increasing cyber risk. For example, IT systems are used on the OT side, giving OT teams some level of responsibility for managing data security and governance. However, a combination of differing systems and policies as well as lack of transparency between teams can make it challenging to manage security as a whole. This challenge is further compounded because shared responsibility must also factor in the supply chain, and suppliers often bring their own security controls into the mix through the installation of their own devices.
“By implementing a shared responsibility model, teams can come together and create full visibility of who is responsible for each piece of the puzzle – for example, handling security at system and programming levels. This can ensure that the right controls are adopted where they are needed, while providing an encompassing view of security systems across the organisation.
“With a collective understanding of risk and responsibility between IT, OT and the supply chain, organisations are moving their security posture and data governance up one level. A good example of this already in practice is the cloud: as organisations become increasingly aware of their role in the shared responsibility model to secure the cloud, they are becoming more aware of their risk levels and able to manage these more effectively.”
What are the potential consequences for manufacturers that fail to implement a shared responsibility model across IT/OT/supply chain?
“Failure to adopt a shared responsibility model across IT, OT and the supply chain can leave manufacturers with unnecessary expenses, higher risks and weakened security. From a cost perspective, organisations could be paying for additional but unnecessary security licensing and monitoring. Without clarity on which tools are already in use across IT and OT teams, organisations will not only face challenges with interoperability but they’ll risk doubling up on tooling and training costs. Instead, taking a more holistic approach of the organisation as a whole will enable IT and OT teams to decide where responsibility lies and lower costs. For instance, OT teams have very specific requirements and expertise. While overall monitoring to collect and understand data might sit with IT, OT can layer on context for specific alerts based on their expertise. Taking a collaborative approach where everyone’s responsibility is clear will enable organisations to streamline processes and limit unnecessary costs.
“Ultimately, a key consequence of failing to adopt a shared responsibility model is a higher level of risk and poorer overall security. Without clear dividing lines on responsibility and a collaborative approach, IT will not have the comprehensive view of systems required to keep track of all data and potential threats. As a result, pockets of vulnerable systems are likely – falling through the cracks between teams. Limited visibility means limited security.
“This security issue is compounded in the manufacturing sector as the types of vulnerabilities impacting IT systems are often very different to those impacting OT. While lots of research exists around IT threats, less research is available on the OT side. Given that OT systems are usually lightweight and could be prone to damage if too much traffic is thrown at them, vulnerability discovery can be challenging. The combination of limited research and levels of system vulnerability which are harder to uncover means manufacturers can easily find themselves exposed to cyberattacks if a shared responsibility model is not employed.”
What current factors are driving manufacturing organisations to reconsider their current set-up and move to a shared responsibility model?
“Being faced with uncertainty and confusion about what the ‘new normal’ will look like has meant business leaders are thinking about resilience more than ever. In doing so, they’re considering their enterprise as a whole – moving away from a more siloed view. For manufacturers, future resilience depends on their systems remaining up and, importantly, secure. This requires business leaders to think more closely about the role that people, process and technology play. When considering a return to normality, organisations are wondering how they would deal with cybersecurity challenges if staff are working remotely, or how they could operate more flexibly to adjust as restrictions ease and tighten in response to the rate of virus transmission in future. Taking this holistic view of the whole organisation inevitably starts to break down barriers between teams and puts the shared responsibility model front and centre.”
What benefits will shared responsibility bring to the future of the manufacturing space?
“Firstly, shared responsibility allows manufacturing organisations to leverage expertise where it lies. For example, while IT teams have a centralised view and understanding of IT risks, they should collaborate with OT teams for industry context as required. Collaboration here will allow for quicker identification and investigation of alerts, reducing response time as teams both detect and mitigate threats more quickly.
“In the manufacturing sector particularly, safety is an important benefit of adopting shared responsibility. Improved security, via a shared responsibility model, will help teams to uncover security risks before they have major consequences for customers. What’s more, if OT, IT and the supply chain work together, teams will be able to identify new security boundaries and reduce future risk.”
Practical steps for manufacturers:
- Elect a governance committee. Creating a committee that includes individuals across IT, OT and the supply chain is vital. It can remove silos and provide a consolidated view of risk across the business as a whole.
- Conduct regular audits. Running audits across both IT and OT is key to ensuring visibility across systems, as well as opening doors to question processes and systems. What systems are out there? Who are the suppliers? What SLAs/security contracts are in place? Through these audits, teams can identify risks, kick-start contractual discussions with suppliers and agree the process to mitigate vulnerabilities before they occur.
- Start with monitoring. Increasing overall levels of monitoring will provide greater visibility. This monitoring should go hand-in-hand with implementing threat detection capabilities and the response plans that go with them. Ultimately, response times can be reduced if IT and OT teams understand their roles and responsibility in the process.
- Assess the overall security architecture. Fostering a more holistic view of the current enterprise set-up and how this maps with existing security standards is crucial. If IT and OT teams use different models to meet different criteria, manufacturers should aim to bring these models together into one consolidated enterprise view of cyber risk.
- Create a security awareness programme. By implementing a security awareness and readiness programme, organisations can ensure that all teams are educated on security procedures and are actively involved in maintaining them. This programme should include everyone from end users to OT engineers, and all the way up to executive level, in order to ensure that all areas of the manufacturing process are covered.