Manufacturers can take steps to combat third-party supply chain cyber attacks.
84% of IT and security executives believe that supply chain attacks could become the biggest cyber threat in the next three years.
By Almog Apirion, CEO and Co-founder of Cyolo
Cyberattacks may have once favored industries like banking and healthcare, but manufacturers are now increasingly finding themselves confronting similar threats. With breaches growing more sophisticated at the same time the workforce is becoming more distributed, it’s unsurprising that the likelihood of cyberattacks on manufacturing organizations is rising. In fact, an IBM report indicated that manufacturing was the most attacked industry in 2021, and with notable attacks at Puma, Toyota and more, 2022 isn’t looking much better. With this in mind, let’s take a closer look at some of the ways manufacturers are specifically targeted and then discuss what companies can do to prevent attacks in the future.
Risks of shared accounts
Vulnerability to external threats and data breaches increase dramatically when employees use or share generic accounts. In many cases, employees use the exact same username and password across multiple platforms in an effort to save time and easily access resources. This behavior is always risky, but it is especially dangerous in critical industries like manufacturing. Beyond raising the risk of a phishing attack or other cyber incident, when multiple employees use shared accounts it becomes difficult if not impossible to trace who is actually performing particular actions. This is a compliance red flag as well as a clear security issue.
The growing threat of supply chain attacks
A supply chain attack occurs when a bad actor targets and infiltrates an organization through one of its third-party partners, such as a vendor, supplier or contractor. 84% of IT and security executives believe that supply chain attacks could become the biggest cyber threat in the next three years. While businesses across all industries can fall victim to supply chain attacks, the manufacturing sector is especially at risk because of the many third party actors needed to keep operations running.
Supply chain attacks can be particularly difficult to combat as they do not target the manufacturer directly. In light of this, it may initially seem that the security of the manufacturer lies completely in the hands of third parties’ security controls. While this is thankfully not the case, it is still imperative that manufacturers implement security measures to ensure that compromised third parties will not be able to leave them and their operations at risk.
Identity-based access and muti-factor authentication
The first step to combatting shared accounts and preventing supply chain attacks is to replace or augment your perimeter-based security tools with identity-based access protocols. This one action will decrease the likelihood of a damaging data breach without causing friction for users or changing the way they work on a daily basis.
The traditional perimeter-based security approach, which serves as the basis for tools like firewalls and VPNs, creates a network perimeter that third parties and other off-site users can enter after passing an initial verification process. Once inside, users have full visibility and access to all applications, files and systems within the perimeter.
Identity-based solutions, by contrast, grant access only to the applications and resources a given user needs to perform their assigned tasks. The principle of least privilege, a key tenet of identity-based access, ensures that, for instance, a developer may get access to live production environments but a salesperson would not. And neither would have access to admin credentials. In addition, whereas legacy remote access tools such as VPNs perform one initial authentication and then provide uninterrupted system access, identity-based access solutions continuously verify the user’s activity and can end their session if anomalous or otherwise suspicious behavior is detected.
Another major advantage of identity-based access is its ability to substitute internal application credentials with single sign-on (SSO). This means sharing generic accounts is no longer more convenient than simply maintaining one’s own single set of application credentials. While this change may imply the need to upgrade existing applications to those who support MFA, to see the greatest benefit, choose an access solution that extends cloud SSO as well as adaptive multi-factor authentication (MFA) to legacy systems that are not built with strong authentication.
It is not difficult to see how identity-based access gives manufacturing companies greater control over both internal and external users than the older perimeter approach. Beyond continuous verification and least privilege access, third-party or other high-risk users can also be granted access only at specific times or under specific circumstances. Features like real-time monitoring and session recording add another layer of visibility and accountability to help manufacturing organizations understand exactly what is happening in their systems and maintain the highest level of security. With identity-based access, even if a breach occurs the attacker’s ability to cause harm will be severely limited.
Almog Apirion is CEO and co-founder of Cyolo and an entrepreneur with expertise in leading teams, building processes, and developing technologies from vision to execution. He is an experienced technology executive, CISO, and a former Navy Cyber Unit founder and commander with a long history of leading the cybersecurity and IT technologies domain. His extensive background includes building and securing critical infrastructures at large organizations, and leading teams to success.