FEATURE: MANUFACTURING SECURITY
H
ackers can vary when
targeting the industry, but
they are typically financially-
motivated, state-sponsored attacks,
which occur when government-funded
organisations break into a network
to steal intellectual property (IP) and
trade secrets. These groups are some
of the most sophisticated hackers,
using a high level of expertise when
targeting companies. They seek
extremely valuable IP to further the
betterment of the people in their
country, or perhaps more commonly,
for financial gain.
MANUFACTURING
COMPANIES SHOULD
HAVE AN ONGOING,
METRICS-BASED
INTELLIGENCE-DRIVEN
SECURITY PROGRAM
IN PLACE TO EVALUATE
THE EFFECTIVENESS OF
COMMON PROGRAMS,
LIKE VULNERABILITY
MANAGEMENT, DATA
LOSS PREVENTION
AND ANTIVIRUS
PROTECTION
Prevention methods for every
manufacturer
With the continuous increase in cyber
threats, and large organisations in
nearly every sector making headlines
as a result of data breaches, it can
seem overwhelming to evaluate
just where to start to protect a
manufacturing company’s data. Let’s
break it down.
First and foremost, manufacturers
should have a vulnerability
management plan in place, and
conduct ongoing vulnerability scans.
These regular scans can help find
unpatched systems and holes, which
is often where hackers find their way
in. In fact, most of these attackers are
not leveraging zero-day vulnerabilities
all the time; instead, they are taking
advantage of vulnerabilities that have
been out for years.
Next, it’s highly critical to prioritise
security awareness, and promote
this notion to all employees, from
the C-suite to temporary hires
and third party contractors. From
my past experience at a chemical
manufacturing plant, I found that
40% -50% of attacks by state-
sponsored groups were conducted via
spearphishing.
These attacks are spread through
malicious emails that appear to be
from an individual or business that you
know, though it isn’t. Employees think
the email is from a trusted source,
click links within the email, and just
like that, a hacker has entry into the
company’s network.
A strong example of proactive
security awareness is to conduct
regular white hat phishing
campaigns, where an organisation
sends out phishing emails to
employees that are not malicious,
but simply used for education and
to gain an understanding of threat
ABOUT THE AUTHOR
Tim Bandos is Director of Cybersecurity,
Global Services for Digital Guardian,
a data protection firm. He joined
Digital Guardian after spending time
overseeing an incident response team
for a global manufacturer. His role at
Digital Guardian is to further build out
the Managed Service Program (MSP)
to deliver advanced threat protection to
Digital Guardian’s global customer base.
He brings a wealth of practical
information gained from tracking and
hunting advanced threats targeted
at stealing sensitive data and is
leveraging that contextual knowledge
by building it into behavioural based
detection signatures and rules for
Digital Guardian MSP customers.
44
INTELLIGENTCIO
www.intelligentcio.com