For the first time in five years, there are more cyberattacks on the manufacturing industry. It has thus overtaken the financial and insurance industry in terms of the number of attacks measured. This is shown by the current X-Force Threat Intelligence Index 2022 from IBM.
Most attacks on production involve exploiting vulnerabilities (47%) and phishing (40%). Cyber criminals exploit the important role of manufacturing in global supply chains in order to disrupt them. Also, manufacturers have a low tolerance for downtime.
Ransomware exploits pandemic
In addition, ransomware takes advantage of the stressful situation aggravated by the pandemic. Accordingly, it remains the most common type of attack, even if its share of the total volume has decreased. In return, companies are increasingly confronted with a triple blackmail: their data is encrypted and stolen, while at the same time the hackers threaten to publish this data and launch a DDoS (Distributed Denial of Service) attack against the victim if it is not ransom pays. To protect against these dangers, Wolfgang Huber, Regional Director DACH at the data management provider Cohesity, recommends the following measures:
Closing security gaps faster
It is shocking that almost half of all attacks still exploit known vulnerabilities. As a result, companies in all industries must constantly update their systems and apply all available patches immediately. Properly secured systems, effective password policies, and ensuring compliance are critical building blocks of solid security. At the same time, companies should also contain the risk in the area of credentials with the help of strict access controls such as multi-factor authentication or granular role-based access control.
inventory for data
Organizations need to determine what data they own, where it resides, how it is classified, and who is working with it. Only then can they determine whether deviating behavior towards these data sets occurs, for example through espionage, ransomware or phishing victims. With the help of automation, machine learning and AI, the environment can be mapped to determine the locations of the most valuable data. Based on a policy-based approach, it is then necessary to consider how the data is protected and restored in the event of an attack. For example, ML and AI tools immediately recognize that data is in the wrong place and isolate it. In this way, an immediate reaction can take place if deviations are detected.
Trust no one
Hackers are increasingly resorting to targeted attacks that conventional security tools usually do not detect. The Zero Trust model is based on the principle "never trust, always verify", i.e. trust nobody, verify everyone. It should be implemented with effective solutions that combine data security and data governance. Then organizations can determine who is accessing data and spot behavioral anomalies in near real time. Automated data classification with predefined guidelines for regulations like GDPR makes it easier to meet compliance and governance requirements. In addition, policy-compliant countermeasures can be triggered via integration with leading SOAR (Security Orchestration, Automation and Response) platforms.
Use immutable backups
In the past, cybercriminals only encrypted production data. These can be restored quickly using backups. But today they are also increasingly destroying or encrypting the backup data. That's why organizations need to deploy next-generation data management solutions that include immutable backup snapshots. Immutability ensures that no unauthorized user or application can modify the "golden" copy of the backup. Any attempt to modify the "golden" copy will automatically result in the creation of a zero-cost clone. These architectures should also include robust encryption algorithms, erasure coding, and WORM (DataLock).
Use security as a service
Many industrial companies are overwhelmed with the introduction of current security solutions. But they can simply use them as service offerings. This doesn't just apply to an AI/ML-based data security and governance service that automatically detects sensitive data and anomalous access and usage patterns. A copy can also be stored in vendor-managed secure data isolation. In the event of a ransomware attack, companies can then quickly and reliably restore a clean copy of the data to the desired location - on premises or in the cloud.
With modern data management solutions, companies can scan production data and improve their general security situation using AI-supported functions. For example, those responsible are notified if backup data changes or access rates deviate from the norm. Because that could indicate an attack. The security solutions can also be used as a service. Then companies are optimally protected even without their own infrastructure.
More at Cohesity.com
About Cohesity Cohesity greatly simplifies data management. The solution makes it easier to secure, manage and create value from data - across the data center, edge and cloud. We offer a full suite of services consolidated on a multi-cloud data platform: data backup and recovery, disaster recovery, file and object services, development / testing, and data compliance, security and analytics. This reduces the complexity and avoids the fragmentation of the mass data. Cohesity can be provided as a service, as a self-managed solution, and through Cohesity partners.