Keep in mind:
Design & Development — Manufacturers have additional exposure in their design and development departments where all their intellectual property (IP) is created and maintained. Thieves value this data highly, as do the companies. The endpoint devices the product designers use to access their work are probably the most vulnerable point of entry for cybercriminals and must be carefully and comprehensively protected.
Factory Floor — Today’s factory floor was built for production, not cybersecurity, and is often rife with security vulnerabilities. Industrial Internet of Things (IIoT) technologies and techniques have found broad acceptance and application in all kinds of factories. IIoT sensors monitor activities that used to be watched by people. IIoT controls work with those sensors to automatically make critical adjustments required as work proceeds. Event-driven architecture enables the completion of a task by one machine to trigger the start of the next process by another machine. All these sensors and controls may connect to locally deployed routers and servers for processing and eventual interaction with the core network.
Most manufacturing machines today are controlled by Industrial Control Systems (ICS), which are responsible for machine operation. Originally, ICS were custom-built for the environments they were going to work in. Attackers would first have to figure out how those systems were designed before they ever had a chance to attack them.
Over the past few years though, most have been moved into industry-standard x86 computers. Now attackers can use the same weapons and malware to attack ICS that they use to attack any other system.
Product Distribution — Once a factory completes the manufacture of products, they must be shipped out to distributors, retailers, and other sales outlets to be sold to consumers. This supply chain is also extremely susceptible to attack. TFI International, one of the largest trucking and logistics companies in North America, was targeted in a ransomware attack. The ransom was in excess of $6 million, according to Freightwaves. The flow of electronic data interchange (EDI) required to process orders, once compromised, can be completely disrupted, stopping transactions in their tracks.
Configuring Complete Solutions
Channel partners are ill-advised to see security as a “point-solutions” opportunity. A complete data and network security solution comprises a variety of layers of integrated products along with the consulting, design, deployment, integration, and ongoing service and support programs required to keep everything fully updated, patched, and operational.
Be sure to check off each step on this list:
IT Hygiene is accomplished by adhering to a well-defined set of best practices that begin with gaining visibility into several key data sets:
What assets are on the network? You must be able to see exactly which assets are on your network, including any device that is interfaced to the network in any way. This will keep you informed on every device you need to proactively manage and will also alert you should any unauthorized device suddenly appear.
Has the network been exposed to new vulnerabilities? The sooner you see an attack occurring on your network, the sooner you can respond to it and stop or mitigate it.
Are patches on all systems fully up-to-date? Many patches are released to improve security or resolve discovered vulnerabilities. These must be deployed upon release but must also be evaluated by your IT department prior to deployment. High-quality policy development leads to high-quality rapid patch evaluation and deployment.
What applications are running? Are they properly configured and deployed? Whether in the back office, on the factory floor, or in the flow of order transactions, every application in use must be monitored, supported with optimal resources, administered properly, and protected against attack. The first step to accomplishing all of this is knowing that each application is there and running. The second is assuring that they are properly configured within your established policies.
How quickly can a threat be identified, isolated, and remediated? Security experts must always feel the need for speed. When under attack, time is of the essence. Technologies deployed to identify attacks and tools in place to stop them must be tightly integrated to minimize response and resolution time.
An ounce of prevention is definitely worth a pound or more of cure. Here are some ways to prepare in advance and mitigate the impact of any possible attack:
Data Backup — Attacks like those executed on Colonial Oil and the JBS meat processing plant were designed to deprive those companies of access to their data. Had they had very recent backups of their data available, they would not have had to pay the ransoms. They could simply restore that recent backup, redouble their security vigilance, and continue operating.
Today’s data backup best practices begin with off-premises backup, so there are at least three copies of all data on at least two different media and at least one off-site. This is often referred to as the 3–2–1 Rule, and it is critical to mitigating risk of data compromise.
Be sure to check with your cloud data backup provider to assure that a copy of your data is replicated on storage that is air-gapped, not connected to the network where attackers can corrupt it too. Just as they can encrypt your live data, many attacks also encrypt your backups.
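The 3–2–1 Rule and the air-gap requirement above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article; the inventory, its names, and the choice to count the live copy as one of the three are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    location: str      # constructed label for where the copy lives
    medium: str        # e.g. "disk", "tape", "object-storage"
    offsite: bool      # stored away from the primary site
    air_gapped: bool   # not reachable from the production network

def audit_3_2_1(copies):
    """Return the unmet requirements for one data set (empty list = compliant)."""
    gaps = []
    if len(copies) < 3:
        gaps.append(f"only {len(copies)} copies, need at least 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        gaps.append(f"only {len(media)} media type(s), need at least 2")
    if not any(c.offsite for c in copies):
        gaps.append("no off-site copy")
    # Air-gap check is in addition to 3-2-1: a copy reachable from the
    # network can be encrypted together with the live data.
    if not any(c.air_gapped for c in copies):
        gaps.append("no air-gapped copy")
    return gaps

# Constructed inventory (all names illustrative). Assumption: the live
# copy is listed first and counts toward the three copies.
INVENTORY = {
    "cad-designs": [
        Copy("design-fileserver", "disk", False, False),
        Copy("plant-nas", "disk", False, False),
        Copy("cloud-bucket", "object-storage", True, False),
    ],
    "edi-orders": [
        Copy("erp-db", "disk", False, False),
        Copy("backup-appliance", "disk", False, False),
        Copy("vaulted-tape", "tape", True, True),
    ],
    "plc-programs": [
        Copy("engineering-workstation", "disk", False, False),
        Copy("usb-drive-in-cabinet", "disk", False, True),
    ],
}

def audit_inventory(inventory):
    return {name: audit_3_2_1(copies) for name, copies in inventory.items()}

if __name__ == "__main__":
    for name, gaps in audit_inventory(INVENTORY).items():
        print(f"{name}: {'OK' if not gaps else '; '.join(gaps)}")
```

The first data set satisfies 3–2–1 yet still fails, because its only off-site copy sits in network-reachable cloud storage.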
Staying Current — Keeping everything updated is also a critical risk mitigation best practice. Each release of server and endpoint operating systems (OS) has an end-of-support date after which security and other patches are no longer released for it. Cybercriminals seek out those who are running out-of-date OS versions because they know they’re unpatched against new threats and very vulnerable. It may seem more cost-effective to keep equipment running well past its useful life or depreciation horizon, but it’s a false economy. As soon as they are attacked, the cost of this shortsighted approach becomes all too terribly clear.
Network Segmentation — Just as different operations within a company are housed in separate offices, network operations should always be segmented into virtual local area networks (VLANs) so it becomes difficult for any attack to spread.
Cyber Insurance — As with any financial instrument, care must be exercised in vetting and evaluating cyber insurance providers. Some may require you to use their choice of service delivery providers, which often can be far inferior to your preferred choice. Some may include highly stringent conditions that all but eliminate any chance of collecting on claims. You will find some who provide excellent, responsive coverage.
Every Manufacturer Needs Effective Security
The important takeaway is that securing manufacturers’ operations represents a broad host of opportunities for channel partners who pursue it properly. While some security is better than no security, the reality is that security is only as strong as its weakest link.
Serve your customers best by recommending a comprehensive approach to security at every stage and every segment. Should they have challenges affording this, talk to your TD SYNNEX representative about funding opportunities that enable your manufacturing customers to enjoy the full security experience they truly need.
For more information on TD SYNNEX IoT and Security solutions, please visit https://techdata.com/iot and https://techdata.com/security.