Manufacturing needs to adopt a Zero Trust approach to mitigate growing cyber threats. | So Good News
Thales’ 2022 Data Threat report states that the manufacturing industry is far from immune to cyber attacks and will continue to be targeted until it adopts a completely trustless approach.
It’s a time when manufacturing systems and business operations have become extinct from the Internet and are therefore not a cyber security target. Today, almost any organization is deeply connected to the Internet: local, distributed and cloud environments; machines, Many devices and Internet of Things (IoTs); In addition, Numerous “from anywhere” employees.
Today, at the dawn of the fourth industrial revolution, All types of manufacturers are an attractive and vulnerable high-value target for threat actors due to their high intrinsic value and economic risks from supply chain disruptions. The manufacturing edition of the Thales 2022 data threat report highlights how these industries can be more resilient to cyber threats and offers advice on improving the manufacturing cybersecurity posture.
Key findings of the survey
The research was conducted in January 2022 as an observational web survey targeting security and IT management professionals worldwide. This report focuses on a subset of the survey’s data related to 90 automotive and non-automotive manufacturing safety leaders and practitioners, comparing their responses to a universe of 2,800. The most important key findings are:
- human beings The alphas and omegas of cyber security
- Humans are privileged to be the most important and at the same time the most vulnerable point of our digital world. Many devastating cyber attacks start from a simple user error. Data from the survey demonstrates that humans occupy the top positions on the list of threats to automotive and non-automotive manufacturers: human errors; state actors; Hackers and malicious insiders.
- While respondents seem aware of cyber threats, 7 out of 10 do not prioritize multi-factor authentication (MFA) as the most effective security technology to protect against cyber attacks. Additionally, one in four manufacturers reported encrypting more than 60% of their sensitive information in the cloud, while other technology manufacturers prioritized encryption less than the global average of 3% of respondents overall.
- Finally, Data from the survey highlighted that the use of advanced authentication methods in cloud services and applications is much higher than that used for legacy on-premises applications.
Cyber attacks are on the rise.
Nearly three out of four participants noted a growing trend in ransomware attacks, half of which were malware; An increase in denial of service and phishing/whaling has been reported. In addition, 80% of participants responded that they are very concerned about the potential cyber threats of working remotely.
Nearly a quarter (23%) of automotive and 18% of non-automotive manufacturers reported experiencing a ransomware attack that resulted in financial loss. increased recovery costs; They suffered loss of critical data and productivity and reputational damage. Sadly, Fewer than 50% of manufacturing industry participants have formal contingency plans to activate in the event of a ransomware attack.
The challenge of protecting sensitive data
To effectively protect your data; You need to know where your important data is. More than half of automotive and non-automotive participants feel very confident that they know where their data is, compared to 53% of respondents across all industries. However, the survey revealed that only 19% of automotive manufacturers and 26% of non-automakers classified all of their data. It means you can expose the really important information that needs to be protected.
The manufacturing industry uses a number of key management tools, including risk, It increases cost and complexity. The survey revealed that 51% of automotive and 61% of non-automotive manufacturers have 5 or more key management solutions.
When it comes to protecting sensitive cloud data, 6 in 10 respondents have implemented encryption, but only 53% properly manage the lifecycle of their encryption keys. Encryption is only as good as the keys used. Poor key cycle management can increase vulnerabilities and cyber attack threats.
Apply the zero confidence method.
Because production infrastructures are usually distributed and heavily dependent on third parties, the use of a Zero Trust strategy is widely dispersed; It is essential because it ensures at least comprehensive access to high-value data and assets. the size of underlying networks; Due to complexity and flexibility, the attack surface has risen significantly by transforming classic OT devices such as industrial control IoT devices. Zero trust security techniques are typically effective and serve well in these settings.
26% of automotive and 31% of non-automotive reported embracing and implementing Zero Trust strategies, compared to 29% across all industries. The top three areas where respondents want to use Zero Trust are cloud access; On-premises access and remote access management are 64% and 67% among automotive and non-automotive manufacturers, respectively; .
Due to high infrastructure and human factors, security issues affect manufacturers. Full lifecycle key management without implementing encryption contributes to the problem of data loss due to breaches.
Thales’ report showed that MFA is being developed as a defensive measure, but is not yet widely used. The Zero Trust approach gains momentum in remote access and cloud environments, but to be truly effective; It should apply everywhere and to everyone. A Zero Trust plan should also include separate protection of cloud-based assets from cloud infrastructure using encryption and centralized key management.
As manufacturers grow, they gain visibility throughout their company. A culture of shared understanding and cooperation is paramount to improving security. To learn more The full report can be downloaded here.
Did you enjoy this great article?
Check out our free e-newsletter to read more great articles.