Manufacturing industry is at risk of increased cyberattacks

Insufficient internal access controls make it easy for attackers to spread laterally, steal intellectual property via cyberespionage and disrupt business operations.

Vectra says that the manufacturing industry exhibits higher-than-normal rates of cyberattack-related reconnaissance and lateral movement activity. This is due to the rapid convergence of enterprise information technology and operational technology networks in manufacturing organizations.

As part of key findings in the new 2018 Spotlight Report on Manufacturing, Vectra revealed that attackers who evade perimeter security can easily spy, spread and steal, unhindered by insufficient internal access controls.

The manufacturing industry has had a lower profile as cyberattacks against the retail, financial services and healthcare industries have made headlines. However, intellectual property theft and business disruption are primary reasons why manufacturers have become prime targets for cybercriminals.

“Recent reports about nation-state cyberattacks against U.S. utility control systems show that cybercriminals are intent on surreptitiously taking inventory of critical industrial assets and intellectual property to disrupt manufacturing business operations,” said Vikrant Gandhi, industry director at the analyst firm Frost and Sullivan.

Other key findings in the Spotlight Report on Manufacturing from Vectra include:

- A much higher volume of malicious internal behaviors, which is a strong indicator that attackers are already inside the network.

- An unusually high volume of reconnaissance behaviors, which is a strong indicator that attackers are mapping out manufacturing networks in search of critical assets.

- An abnormally high level of lateral movement, which is a strong indicator that the attack is proliferating inside the network.

“The interconnectedness of Industry 4.0-driven operations, such as those that involve industrial control systems, along with the escalating deployment of industrial internet-of-things (IIoT) devices, has created a massive attack surface for cybercriminals to exploit,” said Chris Morales, head of security analytics at Vectra.

The 2018 Spotlight Report from Vectra is based on observations and data from the 2018 Black Hat Conference Edition of the Attacker Behavior Industry Report, which reveals attacker behaviors and trends in networks from over 250 opt-in enterprise organizations in manufacturing and eight other industries.

From January through June 2018, the Cognito threat-detection and hunting platform from Vectra monitored network traffic and collected metadata from more than 4 million devices and workloads from customer cloud, data center and enterprise environments. The analysis of this metadata provides a better understanding about attacker behaviors and trends as well as business risks, enabling Vectra customers to avoid catastrophic data breaches.

The Cognito platform from Vectra enables enterprises to automatically detect and hunt for cyberattacks in real time. Cognito uses AI to perform non-stop, automated threat hunting with always-learning behavioral models to quickly and efficiently find hidden and unknown attackers before they do damage. Cognito provides full visibility into cyberattacker behaviors from cloud and data center workloads to user and IoT devices, leaving attackers with nowhere to hide.

Cognito Detect and its AI counterpart, Cognito Recall, are the cornerstones of the Cognito platform. Cognito Detect automates the real-time detection of hidden attackers while giving Cognito Recall a logical starting point to perform AI-assisted threat hunting and conduct conclusive incident investigations.
