November 26, 2019 • The Recorded Future Team
It wasn’t so long ago that large manufacturers had relatively little to worry about as far as cybersecurity was concerned. After all, their primary resources were huge industrial machines, which typically weren’t “smart” enough to connect to anything more complicated than a power grid.
Oh, how things have changed …
These days, manufacturing organizations have some of the most complex network environments around. The industrial IoT/OT revolution has enabled huge efficiency gains and new business models galore — but it has also created hundreds (even thousands) of new entry points for cybercriminals.
Let’s take a closer look at cyber threats facing the manufacturing industry, and how organizations with complex IoT/OT environments can use threat intelligence to secure against cyber threats.
The $10 Million Per Year Problem
Verizon’s 2019 Data Breach Investigations Report (DBIR) identifies privilege misuse as the top threat vector for manufacturers, with most cases following a successful phishing attack. The manufacturing industry in general doesn’t have a stellar record where phishing is concerned, with users being successfully duped by around 3.12% of phishing emails that make it into their inboxes. While this “click rate” may not sound too bad, it’s enough to place unprepared manufacturers at significant risk of compromise.
Other top threats for this industry include the hacking of web applications and denial of service (DoS) attacks. Nothing particularly unusual or groundbreaking here, but it’s generally not the attack vectors that are the problem — it’s their level of sophistication.
While 68% of breaches are financially motivated, a substantial 27% are motivated by espionage. Given that the manufacturing industry is one of the more frequently breached industries, 27% is a remarkably high proportion. This speaks to the sophistication of many attacks targeting the industry — cyberespionage is typically conducted by organized threat groups, often with nation-state backing.
So what happens if a breach does occur? Ponemon’s 2018 Cost of Data Breach Study found that manufacturers take an average of 168 days to identify a breach, and a further 63 days to contain it. Surprising as it may seem, that timeline actually places the industry fifth overall in terms of speed. However, this time period is still a major concern because the cost of a breach rises sharply if it isn’t identified and contained within just 30 days.
On average, manufacturing data breaches cost $152 per record to contain, and a study by Accenture found that cybercrime costs the average manufacturer more than $10 million every year.
Threat Intelligence for the Manufacturing Industry
Securing a complex manufacturing environment against cyberattacks is a difficult task. The influx of IoT/OT devices has left many manufacturers with thousands of new endpoints to protect — each with its own firmware to patch. With limited security resources at their disposal, it simply isn’t possible for businesses to protect every device against every possible threat.
Even with the strain of limited resources, security teams must do everything in their power to secure these complex environments. Security operations and incident response teams in the manufacturing industry routinely receive hundreds of thousands of threat alerts each day, from which they are tasked with identifying, triaging, and remediating any serious ones that arise.
Unsurprisingly, the volume and complexity of this workload can quickly become overwhelming without the right tools.
Threat intelligence is the lever security teams can use to make this seemingly impossible task more achievable. It helps security teams at manufacturing organizations make better decisions about how and where to invest their resources, and enables operational security personnel to rapidly sift through incoming alerts to identify those that could become more serious threats.
Three common use cases for threat intelligence include:
1. Identifying Serious Vulnerabilities
In the past, vulnerability management hasn’t always been the most scientific security discipline. Lacking insight into which vulnerabilities were most critical, many organizations have treated vulnerability management as a numbers game — simply trying to identify and patch as many vulnerabilities as possible.
However, with such large and complex environments, manufacturers can no longer afford to make this error. Their security teams must have a way to identify the most serious vulnerabilities at any given moment so they can be patched as a priority.
Threat intelligence helps security teams identify vulnerabilities that are being actively exploited and/or included in exploit kits. With these vulnerabilities identified and patched, the risk of compromise is substantially reduced.
2. Investing Wisely
These days, most manufacturers allocate a much greater volume of resources to cybersecurity than was typical a decade ago. Even so, given the difficulty of securing connected IoT/OT environments, resources can easily become stretched thin.
Threat intelligence helps security leaders in the manufacturing industry to build an accurate picture of their organization’s threat profile. In turn, this enables them to prioritize initiatives and investments based on actual risk, rather than guesswork — ensuring that their limited security resources are utilized to maximum effect.
3. Moving Beyond Reactive Security
Not all organizations are as difficult to secure as those in the manufacturing industry. Some can rely primarily on reactive security controls like firewalls, spam filters, EDRs, and so on. But this is a luxury that manufacturers just don’t have. Even unsuccessful cyberattacks against a manufacturing organization could cause damage or disruption to critical machinery, which can prove extremely costly.
Instead, manufacturers must take proactive steps to identify and remediate any security weaknesses in their IoT/OT environment that could be exploited by a threat actor. Common techniques include penetration testing, internal hunting, and red teaming.
However, proactive security techniques aren’t something that can be deployed randomly — they must be properly directed, or security teams can end up wasting huge amounts of time and resources. Threat intelligence helps security teams identify the tools and tactics threat actors are using right now to target similar organizations. Once identified, those same tools and tactics can be deployed proactively to secure the systems and assets most likely to be targeted in a real-world attack.
Protecting IoT/OT Environments
When technology plays such a critical role in an organization’s business model, protecting against cyberattacks must be a priority. Taking proactive cybersecurity measures is essential for organizations in the manufacturing industry, because — on top of all the usual issues surrounding successful attacks and breaches — any damage or disruption to operations can be hugely expensive.
Threat intelligence helps manufacturers defend against cyber threats by enabling them to quickly identify critical vulnerabilities and make better decisions about where and how to invest their security resources.
Building threat intelligence into proactive security processes, such as internal hunting and red teaming, can also add tremendous value. It empowers security teams to identify the tools and techniques most likely to be employed by threat actors. Once identified, these tools can be used to identify weaknesses in the organization’s environment under test conditions, so they can be addressed before they can be exploited by a malicious party.