Cyber attacks on industrial plants of all sizes have been increasing significantly for years. The risk extends across the entire supply chain. A recent study of 150 cybersecurity and IT professionals in midsize and large manufacturing companies found that one in two OT infrastructures is vulnerable to cyberattacks.
In addition, 53 per cent of respondents indicated that their organization had already been affected by a cyber-attack or another security incident that impacted OT networks in the last 12 to 24 months.
Modern supply chains have long been complicated, intertwined partner networks. And when one partner is compromised, all partners in the supply chain are impacted. The effects of an attack on a first-tier supplier can be just as devastating as an attack on your systems: Entire production lines can go down, which incurs considerable costs, hurts sales and damages the company’s reputation. For years, attackers have used vulnerabilities in the supply chain as a springboard to infiltrate other companies. Perhaps some still remember the data incident at the US trading company Target almost ten years ago.
Here, attackers used stolen credentials from an air conditioner manufacturer to access Target’s network and move laterally. The result: millions of stolen customer data, including payment information. A few years later, we saw NotPetya ransomware, another high-profile supply chain attack, initially infecting software at a Ukrainian accounting firm. As it progressed, multinational companies were hit, with an estimated total damage of US$10 billion. And more recently, the compromise of the SolarWinds Orion software and the SUNBURST backdoor gave attackers access to numerous companies and government agencies worldwide. The extent and effects of this attack have yet to be foreseen.
Measures Of The Industry
Cybersecurity in the supply chain is now perceived as an essential topic by executives and security officers in (almost) all industries. Accordingly, authorities, industry associations and regulators are taking steps to minimize the risk.
As a vaccine for COVID-19 got closer, IBM issued an alert on unknown threat actors targeting the COVID-19 vaccine supply chain. The security experts pointed out the increased capabilities of attackers and the urgency and severity of the supply chain risk. They warned that the threat to OT environments should be reduced. Accordingly, new cyber security standards are currently being developed to establish “cyber security by design” over the entire life cycle of a vehicle.
What Security Officers Can Do
Cyber risk in the supply chain is complicated and spans the entire lifecycle of a product – from development through manufacturing, distribution, warehousing and maintenance. The larger and more complex the life cycle is, the more opportunities there are to attack and to find and exploit a weak link in the chain.
And because supply chains are often global, involving multiple tiers of suppliers, responsibility for security does not rest with a single company. Every partner has to be involved here, making reducing cyber risks in the supply chain a challenge. Leaders shouldn’t just focus on their organization when creating business continuity plans. They also need to look at the security practices of their immediate suppliers and how they, in turn, manage and mitigate risk with their extended network of suppliers. These five steps can help:
Communication And Assessment:
Management of this critical risk begins with establishing internal responsibility for procurement and reviewing a partner’s process security. The legal departments and technology and specialist department heads in all business areas must be involved in this.
Executives need reliable threat intelligence on supply chain attacks to make informed decisions about the risks to the organization. Procurement and data security must be communicated to partners and stakeholders clearly and effectively.
Detailed Operational Visibility:
Dedicated industrial cybersecurity solutions can address OT-explicit difficulties like the absence of normalized innovation, utilization of exclusive conventions and a low capacity to bear disturbances of primary cycles.
A stage that constantly screens and identifies dangers across the OT organization, interfacing with your association’s current security organization and all passage focuses with your inventory network accomplices, stretches out this permeability to every vital accomplice.
Consistent Cybersecurity Standards:
Stay current on new regulations (such as the planned IT Security Act 2.0), bars, and news cautions. Follow industry-explicit proposals and execute them rapidly.
Increasing Awareness:
With the introductory danger scene, numerous chiefs and board individuals have become mindful of the requirement for viable modern online protection to guarantee efficiency, accessibility, dependability, and security.
As security chief, jump all over the opportunity to acquire cross-useful and cross-departmental help for current and future modern online protection drives.
Collaborative Approach:
Your supply chain is indispensable to your organization’s biological system. Like this, it should likewise be coordinated into your security environment and safeguarded similarly to your “inner” frameworks. Cloud-based arrangements work on secure availability with essential accomplices in the production network.
They can further develop security, update all the more effectively, and add new highlights quicker.
Cloud change isn’t doable in certain businesses because of legitimate prerequisites. In any case, it is additionally conceivable to set benchmarks, trade reports, and experiences about weaknesses and the particular OT network security levels with the accomplices in the store network. Production network online protection is a cooperative and testing task that must be achieved through a joint effort. Luckily, there are steps every business can take to decrease risk. The time has come to address this rapidly now.
ALSO READ: Learn All About Information Security!
