Protecting Manufacturing Operations from Ransomware

The cyber-security threat landscape is becoming increasingly complex and diverse. Cyber-criminals are consistently rearming themselves with new techniques and technologies that threaten all companies within the manufacturing sector. Over the past couple of years ransomware has emerged as the preeminent cyber-threat faced by manufacturers.

Ransomware in Manufacturing

Recent surveys have shown that ~ 60% of manufacturing companies have been victimized by at least one ransomware attack over the past two years. The year over year trend shows a steady increase in the number of attacks being reported. This does not include those attacks that go unreported. A few alarming trends include the following:

• ~ 40% of those companies victimized eventually paid a ransom in exchange for the data encryption key. In some cases, the data was recovered, in others the hackers kept the payment as well as the data.
• The average amount of ransom paid has been more than $1.5M.
• The average total cost of a successful ransomware attack has been calculated at ~ $4.2M. Costs that include:
  • The amount of ransom paid
  • Monetary value of production and revenue loss
  • Post-attack cyber-security improvement initiatives

The Stages of a Manufacturing Ransomware Attack

Although attacks can vary in terms of methodology, targeting, and timing, most follow a similar pattern.

• Campaign: Campaigns can take several forms but the most common is the use of email. These sophisticated phishing attacks are engineered to encourage the recipient to download the embedded malware.
• Infection: This is the point where the malware has been embedded into the device or machine. The infection remains dormant and invisible.
• Search: Now that the malware has a foothold it will begin to search for operating files to contaminate. This can include on-premise files as well as files stored within a cloud environment.
• Encryption: This is the final stage of the attack. The malicious actor uses symmetric encryption to compromise as much system and operating data as possible. This can bring individual assets or an entire asset ecosystem to a complete halt.
• Extortion: The attack culminates with a demand for a ransom payment. The attacker demands payment for access to the decryption keys that will allow for return to data access and operational control.

The Consequences

Ransomware attacks can have a devastating—and long-lasting—impact on the targeted enterprise. As these attacks become more sophisticated the havoc they create is more widespread, harder to detect, and more difficult to mitigate. The crippling effects from these cyber-attacks can include the following:

• Disruption of operations: Depending on the scope of the attack, a single asset, an entire factory, or a chain of interconnected factories can be disabled. After the ransom is paid it can take weeks or months to recover to normal operational status.
• Loss of critical data: A ransomware attack can result in the temporary—or sometimes—permanent loss of sensitive data. This data can be related to asset performance, financials, suppliers, etc.
• Degradation of supply chain: Suppliers can be impacted by a ransomware attack on a manufacturing company. Suppliers may be hesitant to continue a business relationship with a company that appears vulnerable to cyber-attack.
• Loss of reputation and market share: Operational and financial disruptions can create a loss of confidence within the company’s targeted market. Market share can be temporarily or permanently impacted.
• Financial loss: In addition to the ransom that must be paid, all the above will contribute to economic loss and degraded bottom-line performance. This can negatively impact the ability to invest in future technology and innovation.

Manufacturing Ransomware Attack

Ransomware Protection –  AI-Enabled Security and Monitoring

How can manufacturing companies better protect themselves from ransomware attack? The solution lies in the ability to embed AI-enabled security protocols directly into a machine, device, or process. This self-learning cyber intelligence enables a closed-loop ecosystem of security that provides early detection, predictive impact assessment, and rapid mitigation of even the most sophisticated attacks. Features of an effective security and monitoring solution will include:

• Real-time, automated, threat monitoring: AI-enabled data synthesis and live regression analysis closes existing gaps in threat assessment accuracy and provides continuous insights into current and future threats.
• Predictive threat mitigation: Existing security architectures lack the ability to quickly determine the most effective mitigation actions and to activate those measures across the ecosystem. Breakthrough security and monitoring solutions provide the active learning, scenario analysis, and virtual triage needed to accurately predict the most effective reactions to potential ransomware attacks.
• Reduced cloud dependence: Critical security data is processed at the endpoint or the edge, significantly reducing the manufacturing infrastructure’s reliance on cloud environments for data analysis support. This more asset-centric approach to data processing creates several advantages, including:
  • Tighter control of data:Edge and Endpoint data processing allows stakeholders to implement data management protocols that provider tighter control of data access and sharing. Most cloud environments are more difficult to manage.
  • More secure connection: Since critical/sensitive data is processed locally, the security and connectivity of that data is more reliable. Cloud connectivity issues are no longer an issue.
  • Reduced data exposure: Sensitive data can be stored, processed, analyzed, and acted upon locally. If applicable, less sensitive data can be sent to the cloud for processing. This significantly reduces the risk of exposure of critical manufacturing asset data.
• Real-time visualization: Drag and drop dashboarding provides easy customization of visualized data required by security stakeholders throughout the manufacturing ecosystem. Ease of use augments the value of the data being represented.

For the foreseeable future, manufacturers will continue to be targeted for ransomware attack. However, new AI-enabled security and monitoring solutions will provide more robust protection and mitigation against these insidious attacks.