Secureworks: Combining Social Engineering Attacks in a Cyber Kill Chain
By Eduardo Di Monte, Cybersecurity Portfolio Strategic Growth Leader, Rockwell Automation
Given the ongoing – and often high-profile – stream of news coverage, it’s hardly surprising that cybersecurity has become an important issue for manufacturing leaders. While the risks to industrial environments are not new, there’s a reason why security has become such a focal topic. Manufacturing operations typically advance slowly, yet cyber attackers move with great speed, adopting new tactics and techniques while always capitalising on ways of scaling their activities.
While ‘faster’, more digitally centred sectors, such as IT, e-commerce and fintech, have been nimbler in protecting their systems and networks against risks, many manufacturers are still playing catch up. Like the slowest gazelle in the herd, leaders in the sector realise they must move faster if they are to outpace potential predators.
For industrial leaders, it’s vitally important to be cognisant of how well their organisation’s security approach compares with that of their peers, and to take action to reduce the risk of falling prey.
Taking a Holistic Approach
Leaders need to take a wide-lens approach to their cyber defence. Any organisation is only as secure as its weakest link and it only takes one vulnerability to leave the network open to a broad range of potential attacks. Threats emerge from a variety of sources, ranging from simple employee errors to an unsecured network, meaning that no area can be ignored.
The complexity of current industrial environments means that dependencies and impacts can be difficult to spot. There has been a great deal of progress in employee awareness around best practices regarding password protection, device security and the secure use of cloud-based platforms. However, threats can emerge from areas beyond your organisation’s control. If, for example, a supplier suffers a data breach, how could this impact your organisation? This pushes the need for your entire organisation – and its wider network – to raise its cybersecurity threshold and to spot any weak points before they become an issue.
Key Elements of Robust Cyber Risk Management
While no environment can ever be fully secure, there are fundamental steps that will help to embed cybersecurity, not just from an operational perspective, but also from the point of view of building a security-minded company culture. These elements can help to build up the level of robustness needed for ongoing progress.
Executive leadership needs to set the tone and expectations around cybersecurity. If it’s not seen as a priority issue at board level, it will never be given adequate consideration and emphasis at the management and employee levels. Resourcing and funding are a key part of this, including the possibility of having a cyber expert in the boardroom to help shape and direct the strategy.
Everyone in the organisation needs to see cyber defence as part of their job. With a more pervasive use of digital devices and software services in everyday work, the span of potential threat vectors has become vast, and often opaque to those managing the network. For example, if an employee is using a device for both professional and personal purposes, are they taking the same precautions for all online activity? Does anyone else have access to the devices? Awareness and training play an important role in devolving these responsibilities across the network and helping workers to understand their role in the process, adopt best practices in their daily work and avoid the risk of errors.
Cybersecurity is a company-wide endeavour. No one department or team “owns” cybersecurity, and the responsibilities are too great for IT to be left with the heavy lifting. Siloing the response only hinders the organisation’s speed in acting on emerging threats. In industrial environments, we’re seeing the gap between IT and OT continually diminish as ‘integration’ becomes a core business objective. As the different parts of the organisation integrate at a process and workflow level, there must also be integration at a security level.
- Visibility and detection
Network security is an ongoing and ever-evolving priority for any organisation. In manufacturing, companies need to be proactive in identifying risks across their internal and supply chain operations so that they can take swift remedial action. If the threat is known, it’s already too late. Analytical capabilities can help to detect unusual patterns early, such as the first signs of DDoS activity or unauthorised access attempts, and then to activate instant response measures.
Cybersecurity is never a once-and-done event and needs consistency in both commitment and execution to become part of the fabric of how your organisation operates. You need to be confident that the cyber strategies and processes you have in place today will continue to secure your organisation into the future.
Working Together on Security
As workers become more digitally savvy, they typically gain a greater understanding of the implications of poor security practices. This evolution is helping to drive the need for a collective responsibility and approach when it comes to keeping the organisation secure.
Often, the simplest and most practical approach is the most effective. Your organisation doesn’t need to have the most advanced cyber strategy; you just need to get to a point where risks are minimised and you’re no longer ‘easy pickings’ for the fast and nimble cyber attackers. To get out of harm’s reach, focus on developing a risk management approach that’s clear for workers to grasp and easy to implement across the business.