Could Outdated Operating Systems Lead to System Vulnerabilities?
IoT Devices are increasing the risk of cyberattacks to industrial and manufacturing businesses.
Legacy machines are a complicated topic.
Do you have a machine in the corner of your operations that runs a specific legacy application? Maybe the device is used only once a quarter and might be running Windows 95? If so, you may have just identified the risk. The next steps are evaluating it and making sure the budget and resources are spent reducing the right risk.
If these are office machines, the path to upgrade is more manageable. But the challenge presents itself when these legacy systems are tied to manufacturing equipment. The best practice is to upgrade because upgrading ensures the OS is patched and updated with the latest security measures. It also ensures that reactive security measures (like anti-virus/malware) and proactive software (intrusion detection/prevention) can run. In practice, however, upgrading the OS usually leads to upgrading the legacy software as well, which creates a larger project.
Typically, Black Bottle IT suggests taking a practical approach. If the legacy machines have internet access (outgoing or incoming) or are accessed by other devices on the network, there is little choice but to keep current with the OS upgrades and all the related costs. However, if the legacy machine can be isolated, there could be a case to align the OS upgrade to the legacy software upgrade.
Some Stats from the Internet of Things Marketplace
Internet of Things (IoT) devices are increasing the risk of cyberattacks to industrial and manufacturing businesses, according to a report published by Lloyd's in partnership with cyber analytics specialist CyberCube and reinsurance broker Guy Carpenter.
58% of IoT adopters believe IoT is increasing the risk of cyberattacks. However, half of IoT adopters claim that they do not have a plan to prevent losses from possible security threats. Gartner predicts that 25% of attacks will involve IoT, while the spending on IoT security will reach $547 million.
Examples of IoT in Manufacturing
Efficiency – Sensor and machine productivity metrics are gathered and sent to a cloud-based analytics engine, giving shop floor managers data to determine new improvements or measure existing initiatives. Lots of data is leaving the facility, but
Quality – Sensors that monitor the calibration of machines, environmental conditions, and machine health are all data points that can be used in a quality management program.
Safety – Monitoring environmental conditions, worker movement, and health metrics (like heartbeat and body temperature) are all used to alert shop floor managers/doctors of dangerous situations and predict/prevent employee injuries.
The collection of this data, especially the health metrics, poses a significant liability. Since the sensors are small and widely distributed, the flow of this information needs to be architected so that the company's internal intrusion detection/prevention network segments can ensure that threats are discovered/prevented. Most internal IT staff/3rd Party Managed Service Providers do not have the expertise to monitor and respond to this activity, so hiring an in-house Security Operations Center (SOC) team or engaging a 3rd party is an excellent solution to mitigate this risk.
The bottom line is that some manufacturers are about to get hacked.
No one is safe.
What are the considerations manufacturers should be aware of with their exposure?
Learn how to respond to incidents once they have been hacked.
How do I protect my business and my employees if I am compromised and more information is leaked from my organization – insurance, identity theft, employee identity monitoring, dark web monitoring.
Mitigation of this risk is multi-pronged. There is no silver bullet.
Insurance – This mitigates the financial risk of responding to a data breach. Still, a data breach has more consequences than monetary; the company’s reputation (internal employees/external clients/vendors) is also at risk.
Dark Web Monitoring – This is an excellent way to gauge the threat level; it will quantify the amount of sensitive information that could be used fraudulently. This should be used more as a ‘scorecard’ regarding the impact of security measures rather than any preventative or proactive approach.
Employee Identity Monitoring – Again, this is more of a measurement of the program in place to keep data safe. However, this does provide some actionable intelligence for each employee/Company to act on to remediate any situations.
Email hacking; really incident response
Most email hacks begin with a phishing email that asks for credentials. Security Awareness Training is key to reducing this risk.
Security Monitoring (client-based or location-based) with the corresponding SOC team monitoring the activity is another layer that will report suspicious activity, and the appropriate response can be taken.
There are client apps that can prevent most ransomware. These are all client-based solutions, so this assumes all computer endpoints have it installed. Not 100%, but it’s a layer.
The only proper ransomware prevention is good, tested backup procedures with a frequency that makes sense for each organization, such as daily.
Getting around backups and preventative measures, etc.
Active Hunting – With Intrusion Detection/Prevention Monitoring in place, a related SOC team can actively hunt for threats before an actual data loss/incident occurs.
Hackers being in the system for months
This is true; most attacks happen in small phases, systematically searching for network vulnerabilities. Looking at each activity by itself is not enough; correlating many actions begins to paint a picture that a threat actor has infiltrated the perimeter and is searching for valuable data to steal.
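The correlation idea above can be sketched in a few lines. This is an added example, not code from Black Bottle IT or any monitoring product: it groups low-severity events by source host and flags a host only when several different kinds of activity fall inside one time window. The event type names, the 30-day window, the threshold of three and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, source host, event type.
# The event type labels are hypothetical names for low-severity alerts.
SAMPLE_EVENTS = [
    ("2024-03-01T02:14:00", "10.0.5.23", "failed_login"),
    ("2024-03-09T03:02:00", "10.0.5.23", "internal_port_scan"),
    ("2024-03-17T01:47:00", "10.0.5.23", "new_admin_share_access"),
    ("2024-03-26T02:30:00", "10.0.5.23", "large_outbound_transfer"),
    ("2024-03-04T09:15:00", "10.0.7.80", "failed_login"),
    ("2024-03-05T09:20:00", "10.0.7.80", "failed_login"),
    ("2024-01-02T10:00:00", "10.0.9.12", "internal_port_scan"),
    ("2024-03-20T10:00:00", "10.0.9.12", "failed_login"),
]

def correlate(events, window_days=30, min_distinct_types=3):
    """Return {source: sorted event types} for every source that shows at
    least min_distinct_types different event types inside one time window."""
    by_source = defaultdict(list)
    for ts, source, kind in events:
        by_source[source].append((datetime.fromisoformat(ts), kind))
    window = timedelta(days=window_days)
    findings = {}
    for source, items in by_source.items():
        items.sort()
        best = set()
        # Slide the window start over each event and keep the richest window.
        for i, (start, _) in enumerate(items):
            kinds = {k for t, k in items[i:] if t - start <= window}
            if len(kinds) > len(best):
                best = kinds
        # One repeated alert type is noise; several different ones form a pattern.
        if len(best) >= min_distinct_types:
            findings[source] = sorted(best)
    return findings

if __name__ == "__main__":
    for source, kinds in correlate(SAMPLE_EVENTS).items():
        print(f"{source}: {len(kinds)} correlated event types -> {', '.join(kinds)}")
```

In the sample data, no single event on 10.0.5.23 would justify an alert on its own, yet the four different activities spread over 25 days are what gets the host flagged.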
This blog was written by John Hensberger, Managing Partner of Black Bottle IT. Earlier in his career, John was also part of a manufacturing company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk.