The manufacturing industry is in the middle of a new industrial revolution, commonly referred to as Industry 4.0, which has brought rapid digital transformation of manufacturing processes with the help of cloud-based data and automation.
We’ve witnessed major steps taken towards automation, and as industrial IoT becomes increasingly mainstream, the industry has reached a point where it is critical to acknowledge and deal with the limitations of existing IT infrastructures as well as the vulnerabilities that come with them.
2017 is largely remembered as the year of ransomware, with attacks such as WannaCry, SamSam, Petya and GoldenEye plaguing companies around the world by successfully penetrating their cyber defence systems. Whilst the financial sector is typically seen as the main target for these types of attacks, in reality it tends to be more profitable for hackers to target the manufacturing industry. In fact, manufacturing was the most targeted industry for hackers in 2017, with just over a third of all documented attacks in the second quarter of 2017 targeting manufacturers. Nearly half of all UK manufacturers today have admitted to having been subject to a cyber security incident in recent years, highlighting the urgency of protecting this business-essential data.
Ransomware attacks on manufacturers are particularly severe and costly, and thus profitable for hackers, due to the immense disruption such an attack causes to operations. Manufacturers today are using increasingly digitalised operations in every aspect of the manufacturing process, yet many of them are still running legacy systems which are extremely vulnerable to ransomware and cyber-attacks. Highly digitalised processes combined with weak IT infrastructures therefore give hackers an attack vector through which they can severely disrupt or even halt production completely, making manufacturers an extremely financially attractive target. Simply put, the more the ransomware can disrupt the entire manufacturing process and widely halt operations, the higher the price tag of the ransom, as businesses will be desperate to become operational again to minimise damage.
Even though they deploy IoT devices and SAP systems on advanced IT infrastructure, manufacturing companies are largely known to lack focus on IT and data protection. Even today, following years of targeted cyber-attacks on the industry, we see manufacturing companies failing to appropriately invest in efficient data protection and recovery systems to protect the most important asset of any organisation – data. Furthermore, by tending to depend on external vendors for firewall configurations and IT management, they are effectively left oblivious to what systems and data they actually own, and hence what needs protecting.
Getting to Know Your Data
When an organisation is hit by a ransomware attack, the resulting downtime of production and operations will affect both productivity and profitability, not to mention the credibility and reliability of the company. This type of downtime can be fatal for many companies, especially SMEs.
The importance of data protection is rightfully emphasised; however, the truth is that an attack today cannot be considered a question of if, but when. In 2018 alone, ransomware attacks during the first six months of the year were up by 102% on 2017. With the probability of an attack this high, more attention clearly needs to be paid to actions taken after an attack has taken place.
The first thing that should happen after a ransomware attack is to regain access to the hijacked data as soon as possible in order for the business to remain operational. However, in order to do so companies must be aware of the data they possess, as well as the level of importance of each byte. Whilst everyone’s first instinct in this situation would be to immediately try to recover everything, this is not a viable option if you need operations to resume as quickly as possible. What many fail to realise is that not every byte is immediately critical for business operations.
Companies must therefore first identify the key workloads without which the business cannot operate. These workloads will then be a priority when the recovery process is created. An effective recovery system works by ranking data according to its importance for business continuity and then recovering it accordingly. In order to do so, however, organisations need to know their data and have done extensive testing before an attack gets the chance to paralyse operations.
Getting familiar with your data and ranking it according to importance is, however, only the first step towards an intelligent, fully functional data recovery system. Next, the systems will need to undergo thorough auditing in the form of disaster recovery testing, because the only way to know whether something is working up to set standards is to try it out in different scenarios. Complex systems can quickly become interdependent, and it is imperative not to leave out a security system that a business-critical function requires to operate. An expert disaster recovery test is designed to expose IT infrastructures to worst-case scenarios, giving administrators insight into how long it would take them to recover data, restore business-critical applications and resume business operations. Testing a recovery system is thus as important as setting it up: security solutions must be personalised to the specific needs of each organisation, and should furthermore be seen as an ongoing process which needs regular testing to ensure that the ability to recover data remains.
By having an idea of what is most important in order to keep the business running, organisations can manage their recovery system and its cost to best suit them. Planning and categorising in this way also enables IT to go back to the workload owner and tell them exactly how much it costs to run their workload and how much it will cost for high survivability per month, for example. It could even help to save money on storage, ultimately meaning the process pays for itself.
Zero Day Recovery: The Last Line of Defence
By investing in an effective Zero Day Recovery system, companies can rest assured their business-critical data is protected, as it can bring essential data back at a moment's notice. In case of a breach, when deployed correctly and tested thoroughly, the solution can hence reduce the impact of an attack from a business-halting nightmare to a minor, easy-fix headache.
Zero day recovery enables IT operators to quickly bring workloads and data back into operation in the event of a ransomware attack or an IT outage. It further allows IT departments to join forces with cyber teams to create common policies defining the architecture for cloud-based offsite data storage, following the so-called 3-2-1 backup rule: three copies of data stored on two different media and one backup kept offsite. This policy can then assign an appropriate storage cost and therefore recovery time for each workload. It could, for example, mean that a particular workload of high importance can be brought back into the system within 20 minutes while another less-important workload can wait a couple of days.
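The following Python is an added illustration, not code from the article or from any recovery product: it orders a constructed workload inventory for recovery as described above, pulls each dependency forward to the tightest recovery time of anything that needs it, and flags backup copies that miss the 3-2-1 rule. The workload names, recovery times and the `Workload` structure are assumptions made for the example.

```python
from dataclasses import dataclass, field
@dataclass
class Workload:
    name: str
    rto_minutes: int                              # recovery time agreed in the policy
    depends_on: list = field(default_factory=list)
    copies: list = field(default_factory=list)    # one (media, is_offsite) per copy

def gaps_3_2_1(w):
    """Return the parts of the 3-2-1 rule that this workload's copies fail."""
    checks = [(len(w.copies) >= 3, "fewer than 3 copies"),
              (len({m for m, _ in w.copies}) >= 2, "fewer than 2 media"),
              (any(off for _, off in w.copies), "no offsite copy")]
    return [msg for ok, msg in checks if not ok]

def effective_rto(workloads):
    """A dependency must be back at least as fast as anything that needs it."""
    by_name = {w.name: w for w in workloads}
    eff = {w.name: w.rto_minutes for w in workloads}
    def tighten(name, rto, path):
        if name in path:
            raise ValueError("dependency cycle at " + name)
        eff[name] = min(eff[name], rto)
        for dep in by_name[name].depends_on:
            tighten(dep, eff[name], path | {name})
    for w in workloads:
        tighten(w.name, w.rto_minutes, frozenset())
    return eff

def recovery_order(workloads):
    """Restore order: tightest effective RTO first, dependencies before dependents."""
    by_name, eff = {w.name: w for w in workloads}, effective_rto(workloads)
    order = []
    def restore(name):
        if name not in order:
            for dep in by_name[name].depends_on:
                restore(dep)
            order.append(name)
    for name in sorted(eff, key=lambda n: (eff[n], n)):
        restore(name)
    return order

# Constructed sample inventory (names, RTOs and copies are illustrative only).
OK = [("disk", False), ("tape", False), ("cloud", True)]
INVENTORY = [
    Workload("erp", 20, ["directory", "plant-db"], OK),
    Workload("plant-db", 240, ["directory"], OK),
    Workload("directory", 2880, [], [("disk", False), ("disk", False)]),
    Workload("file-archive", 2880, [], OK)]
```

In this inventory the directory service was rated "can wait a couple of days", yet the 20-minute workload cannot start without it, so it is restored first, and it is also the workload whose copies fail every part of the 3-2-1 check.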
Setting up an efficient data recovery system is an often-overlooked piece of the security puzzle, yet one which has the ability to save businesses a lot of headache in the worst-case scenario. Should all defences fail, the most important thing for any organisation is to retrieve lost data and thus get the business operational again as quickly as possible with minimal damage to the company. This is because the true damage is not done by the ransomware attack itself, but by the downtime it causes. A proper Zero Day Recovery system has the potential to save organisations a fortune by minimising downtime and thus financial and operational losses.
Malware combined with IoT and increasingly digitalised operations has provided hackers with multiple entries into IT systems. This trend has particularly been felt by the manufacturing industry, as a combination of wide digitalisation of operations and legacy systems has been taken advantage of. Modernising IT systems and setting up an effective recovery system to retrieve data held to ransom is crucial for manufacturers in order to stay afloat, as ransomware attacks are not only increasing in quantity but also becoming more sophisticated and advanced, making them harder to detect and protect against.