Lastest news

Reducing the risk of ransomware attacks in the manufacturing sector

Mar 12, 2021

While the pandemic has highlighted the need to keep our IT systems safe from cyberattacks, many forget that our manufacturing sector remains just as vulnerable as finance. Pat Moran lay out five key ways CFOs and COOs can keep their businesses and its operations safe.

According to Dragos, industrial cybersecurity experts, the number of publicly recorded ransomware attacks against the global manufacturing sector tripled in 2020. With manufacturing giants like Westrock, Foxconn, Honda and Norsk Hydro among those reporting attacks, it is clear that accountants and others leading in this sector need to protect themselves. Adopting defence-in-depth security strategies and having effective preventative, detective and corrective controls is critical for reducing risk.

High-risk entry points

The most common entry points for ransomware attacks are:  

  • spear-phishing, which targets specific users;
  • remote workers; and 
  • exploiting software vulnerabilities and enterprise network equipment.

As companies move towards smart manufacturing processes, care needs to be taken with adopting Wi-Fi enabled industrial devices and tools. If these devices are connected to corporate networks or other networks and are not protected adequately, they can become network access points by a cyber attacker. Attackers use these techniques to gain a foothold on the corporate IT system and then attempt to disrupt the IT environment and manufacturing operations.

Reducing the risk

There are five things the Chief Financial and Chief Operational Officers can do to ensure their systems are not susceptible to a ransomware attack.

Vulnerability management

Perform vulnerability assessments on critical control systems to identify and remediate any software security issues.

Implement proper access control

To reduce the impact of ransomware attacks, it is critical to have proper segmentation between the IT and the operational technology (OT) network. Regularly conduct architecture reviews to identify all assets, connections, and communications between IT and OT networks.

Gain deeper visibility

As manufacturing operations become increasingly connected, gaining good visibility of assets, processes and external connections are vital. Companies should monitor outbound network connections from OT networks to detect any malicious threat behaviours.

Secure your remote connections

Due to the global pandemic, businesses were forced to rely on remote access to manage critical infrastructure. Organisations need to secure any remote access to these systems to reduce the risk of cyber-attack. One way to do this is to create barriers such as a virtual private network. 

Backups and incident response

The best defence against ransomware is to have robust and well-tested backups. Organisations can quickly recover if they have good backup and restoration policy and procedures in place. They should maintain recent backups online and offline to ensure organisations can restore their system correctly. 

It is also essential for organisations to have a comprehensive and well-tested incident response plan to respond to cyber threats. It must be designed with OT concerns in mind. 

Pat Moran is the Cyber Leader at PwC.