Intelligent CIO APAC Issue 01 | Page 82

FINAL WORD Manufacturing: How the industry can improve its security posture Attacks on manufacturing organizations can be particularly disruptive and, with the on-going convergence of IT and OT systems, it’s critical that CIOs take steps to secure their critical infrastructure. Vinod Kumar, CEO, Subex, tells us about the challenges facing manufacturing firms and how they can get ahead of attackers. Can you tell us about some of the unique cybersecurity challenges facing manufacturing organizations? Today, manufacturers are battling hackers and disruptive actors at various levels. The converged environment gives rise to OT, IoT and IT threats but such convergence of technologies also opens up more attack vectors for hackers to exploit vulnerabilities while giving rise to what we call hybrid risks. This is a euphemism for threat actors using a range of methods including a blend of traditional and non-traditional approaches to initiate a cyberattack. Also, malware potency is increasing and hackers are using persuasive messages in phishing emails to cause a breach through insider activity. Why is this industry so targeted? The manufacturing sector represents the lifeline of an economy. It is therefore high on the agenda of state-backed hacker constellations, also known as APT groups. The supply chain element also plays a key role as all these firms are relying on third party contractors or subcontractors who might not have the best security posture. Manufacturing entities also hold plenty of intellectual property – information of commercial interest to various groups. Manufacturers also want to avoid disruption at any cost so they are ideal targets for hackers who seek to monetize breaches faster through ransomware. Our research has shown that as much as 14% of all stolen data on the Dark Web is connected to the manufacturing sector. This indicates the volume of breaches that have been successful so far. Can you tell us how the threat landscape has changed for this industry during the COVID-19 pandemic? The risks have increased and the threats have multiplied. Today, we are amid what we call the second wave of attacks linked to the pandemic. Because of the confusion and anxiety that characterised the first few months, hackers were able to initiate a co-ordinated campaign resulting in many successful breaches through phishing emails and those that exploited unsecured home networks due to the prevalence of work from home. Simultaneously, we also saw an increase in targeted cyberattacks and a spike in the number of variants of previously detected malware. This trend is yet to peak and attacks may continue for a few more months. How important is it for manufacturers to strengthen their cyberdefenses in light of the COVID-19 pandemic? The response to these attempts by various hackers and agencies should be proportionate to the deteriorating threat 82 INTELLIGENTCIO