Elevated ransomware assaults on industrial management methods (ICS), blended with normal ICS insecurity discovered throughout the manufacturing sector, has given rise to a information particularly addressing this threat.
Manufacturing has been a goal of ransomware for fairly a while — I’ve even lined a latest assault centered on credential harvesting.
With the aim of a ransomware assault to disrupt operations, bringing operational applied sciences to a halt is an impactful technique to make the assertion “pay the ransom.”
Based on cybersecurity vendor Dragos’s recently-released 2023 OT Cybersecurity in Evaluation report, manufacturing has been a serious goal:
- Ransomware assaults in opposition to industrial organizations elevated 50% over the earlier 12 months
- 70% of all ransomware assaults focused 638 manufacturing entities in 33 distinctive manufacturing subsectors.
In different phrases, it’s a giant drawback.
In response, SANS has launched the SANS Technique Information: ICS Is the Enterprise as a way of offering steerage on easy methods to higher safe ICS/OT environments. The controls they advocate are:
- ICS-Particular Incident Response
- Defensible Management System Community Structure
- ICS Community Visibility and Monitoring
- ICS Safe Distant Entry
- Danger-Primarily based ICS
- Vulnerability Administration
What’s slightly unnerving is that SANS (who quotes the Dragos report a number of instances) fully missed the boat on the place manufacturing’s biggest threat is; in response to the Dragos report, the primary TTP utilized by risk teams is Legitimate Accounts (present in 60% of all assaults on manufacturing).
And nowhere within the SANS suggestions is something about securing credentials with MFA, encouraging advanced (learn: not simply guessed) passwords, and safety consciousness coaching (as the first methods accounts are compromised is thru phishing and social engineering).
Manufacturing undoubtedly has some securing to do; the important thing will likely be addressing its the best dangers.
KnowBe4 empowers your workforce to make smarter safety choices on daily basis. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and cut back human threat.