Elevated ransomware assaults on industrial management programs (ICS), blended with common ICS insecurity discovered throughout the manufacturing sector, has given rise to a information particularly addressing this danger.
Manufacturing has been a goal of ransomware for fairly a while — I’ve even lined a current assault targeted on credential harvesting.
With the aim of a ransomware assault to disrupt operations, bringing operational applied sciences to a halt is an impactful strategy to make the assertion “pay the ransom.”
In response to cybersecurity vendor Dragos’s recently-released 2023 OT Cybersecurity in Evaluate report, manufacturing has been a serious goal:
- Ransomware assaults in opposition to industrial organizations elevated 50% over the earlier yr
- 70% of all ransomware assaults focused 638 manufacturing entities in 33 distinctive manufacturing subsectors.
In different phrases, it’s a giant downside.
In response, SANS has launched the SANS Technique Information: ICS Is the Enterprise as a method of offering steering on tips on how to higher safe ICS/OT environments. The controls they advocate are:
- ICS-Particular Incident Response
- Defensible Management System Community Structure
- ICS Community Visibility and Monitoring
- ICS Safe Distant Entry
- Threat-Primarily based ICS
- Vulnerability Administration
What’s slightly unnerving is that SANS (who quotes the Dragos report a number of occasions) utterly missed the boat on the place manufacturing’s best danger is; in line with the Dragos report, the primary TTP utilized by risk teams is Legitimate Accounts (present in 60% of all assaults on manufacturing).
And nowhere within the SANS suggestions is something about securing credentials with MFA, encouraging complicated (learn: not simply guessed) passwords, and safety consciousness coaching (as the first methods accounts are compromised is thru phishing and social engineering).
Manufacturing undoubtedly has some securing to do; the important thing will likely be addressing its the best dangers.
KnowBe4 empowers your workforce to make smarter safety choices daily. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and cut back human danger.