Industry 4.0 held to ransom

Digital technology, automation and the Internet of Things are dramatically improving manufacturing quality and reducing costs. Industry leaders know that embracing Industry 4.0 is the only way to survive, and that the use of real-time data provides a competitive edge to work more efficiently, boosting those all-important margins. Still, this revolution brings with it new cyber risk which could stall production – and even put a stop to business altogether.

When digital ambitions outpace cyber defences

PwC has reported that around 74 percent of UK manufacturing firms expect to drive high levels of digitisation and integration by 2021. However, separate research by the EEF also tells us that nearly half of manufacturers have not increased their investment in cybersecurity over the past two years. Clearly, many companies are in danger of allowing their Industry 4.0 ambitions to outpace their approach to cybersecurity.

For manufacturing leaders, defending against cyber-attacks should be high on the agenda. The sector has been well-known to trail other industries in adopting new technologies, and now it’s playing catch up it is left more vulnerable to new types of attacks, including ransomware. With Symantec recently finding that manufacturing was the second most affected sector by ransomware, this is one threat that simply cannot be ignored.

The risk of ransomware

Ransomware is a software that encrypts files and data on the victim’s infrastructure, blocking any usage of such files and data until a sum of money is paid. For manufacturing firms, this could grind production to a halt, damaging customer relationships and incurring huge costs.

Ransomware can be easily delivered in the shape of a simple phishing email. An employee will open an attachment which encrypts the data in the user’s system and lets them know how much money they need to pay to get the decryption key. With the EEF also finding that 20 percent of manufacturers don’t make their employees aware of cyber risks in company policies, it’s easy to see why they are particularly susceptible.

Traditionally, the damage done by ransomware has depended on who in the company is targeted. However, more recently we have seen variants of ransomware that don’t limit themselves to encrypting solely what is on a PC’s hard drive. Instead, they use ‘privileged’ accounts – i.e. those which provide advanced access – on the infected PC to move more widely within the network, searching for a variety of file types and making them inaccessible. This means attackers are finding alternative ways in to find sufficiently important files and data, at an even greater cost to businesses.

Defending against ransomware

Most anti-malware and anti-ransomware solutions today focus on detecting and blocking malware at the point of inception. These solutions can be helpful when you know what you’re looking for – but when it comes to ransomware, there are new variants coming out every day. It’s therefore advisable to have a multi-layered approach, employing application control and removing local privileges (i.e. the ability to access more sensitive parts of the network) from regular PCs. This will reduce the attack surface and block their progression.

Steps must also be taken to protect the most sensitive files in the organisation. Employing greylisting - an approach that allows unknown applications (i.e. the latest ransomware variant) to execute harmlessly - blocks ransomware from being able to access or encrypt your critical files.

It’s also critical that companies back up their sensitive information on a regular basis and keep multiple generations of backup. This means that in the event of a ransomware infection they will have the option of wiping the system and restoring from backup, rather than paying this ransom. With Trend Micro finding that only 45 percent of companies infected got their data back upon paying the ransom, this could be the key to keeping operations running.

Manufacturing companies must embrace Industry 4.0, but this should not be at the cost of protecting their highest value assets. Equal time and investment must be put towards improving cybersecurity and preventing fast-growing threats such as ransomware attacking the heart of the business.

By Matt Middleton-Leal, Regional VP for the UK, Ireland and Northern Europe, CyberArk

Follow @ManufacturingGL and @NellWalkerMG