Meeting manufacturing’s cyber security challenges
- Scott Leach, Vice President APJ at cybersecurity firm Varonis
In February 2021, Security Intelligence reported a 156 per cent increase in ransomware attacks on manufacturers worldwide. Some of the biggest attacks included a demand for $US17 million from a Taiwanese laptop maker and another demanding $US34 million from an electronics manufacturer for Apple.
Verizon’s 2021 Data Breach Investigations Report also found the manufacturing sector facing a significant increase in ransomware attacks. These accounted for 61.2 per cent of all breaches in the sector analysed by Verizon.
None of these reports offered any reason for this surge in attacks on manufacturers. Still, it has been well-reported that the increasing interconnection of legacy operational technology (OT) and newer information technology (IT) systems has greatly increased the attack surface for manufacturers.
OT can now be compromised to gain access to IT, and vice versa. To make matters worse, OT systems were historically isolated from the internet and therefore were not designed to face cyberattacks.
Manufacturers must double down on security, and ensure their data is protected and managed safely. This is particularly important for customer data and intellectual property, which could be extremely valuable to a rival organisation.
Taking a data-centric approach to security
Traditional security measures rely on a ‘walled garden’ approach. Anyone within the walled garden (employees, contractors and others granted network access) is automatically assumed to be trustworthy and is not verified.
Instead, a data-centric approach utilises a zero-trust model, where no-one is assumed to be trustworthy and every access attempt to sensitive data is verified.
Typically, the identity of the accessor, the device they are using, their location and the data they are seeking access to are all checked against pre-authorisations.
There are plenty of technology solutions available to implement a zero-trust policy. The hard part for any large organisation that typically holds thousands of files is managing this authorised access to data: deciding which employees need which files to do their jobs, and keeping track of access attempts to detect any potential suspicious activity.
Securing millions of files
Take, for example, the following large U.S.-based manufacturer (anonymised for privacy): with more than nine terabytes of data spread across more than 11 million files, in 1.4 million folders and almost 10 million permissions, this company faced a considerable challenge in securing its data.
It had no idea of the size of its attack surface, or how much of its sensitive data was exposed. It decided to build a data governance structure from the ground up, starting with a data risk assessment with assistance from Varonis. It quickly discovered that everyone in the company had access to over 90,000 social security numbers, presenting a serious risk.
In addition to pinpointing the biggest vulnerabilities, the data risk assessment provided actionable steps to help the manufacturer prioritise and fix its largest security risks.
One of the steps it took was to implement technology that monitored all access attempts to company data. When one user’s account received over 300,000 hits in a very short period of time, the security team was alerted and able to quickly determine whether this activity was malicious or just a technical problem.
However, zero-trust alone won’t offer complete protection against an internal threat, such as a disgruntled employee who decides to destroy important files before leaving a company.
And because they have inside knowledge, they know exactly which files to delete to cause maximum disruption. Again, technologies are available that can detect mass deletion attempts in real time, block them, and restore data rapidly.
The moral of the story is that a zero-trust security approach needs to be complemented with good data management policies and practices.
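As an added illustration of the two detections described above (one account generating a burst of access attempts, and an insider deleting many files in a short time), here is a small Python detector run over a constructed file-access audit log. It is example code, not code from the article or from Varonis; the log format, the one-minute window and the thresholds are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit records (not from the article), "timestamp user action path":
# alice reads 5 files in 4 s, bob deletes 4 files in 3 s, carol's activity is normal.
SAMPLE_LOG = """\
2021-03-01T09:00:00 alice read /eng/specs/part-a.pdf
2021-03-01T09:00:01 alice read /eng/specs/part-b.pdf
2021-03-01T09:00:02 alice read /eng/specs/part-c.pdf
2021-03-01T09:00:03 alice read /eng/specs/part-d.pdf
2021-03-01T09:00:04 alice read /eng/specs/part-e.pdf
2021-03-01T09:05:00 bob delete /shared/logistics/manifest-1.xlsx
2021-03-01T09:05:01 bob delete /shared/logistics/manifest-2.xlsx
2021-03-01T09:05:02 bob delete /shared/logistics/manifest-3.xlsx
2021-03-01T09:05:03 bob delete /shared/logistics/manifest-4.xlsx
2021-03-01T10:00:00 carol read /hr/handbook.docx
2021-03-01T12:00:00 carol delete /hr/old-draft.docx
"""
WINDOW = timedelta(minutes=1)  # assumed detection window; tune per environment

def parse_events(text):
    """Parse one 'timestamp user action path' record per line, oldest first."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, action, path = line.split(maxsplit=3)
            events.append((datetime.fromisoformat(ts), user, action, path))
    return sorted(events, key=lambda e: e[0])

def detect_bursts(events, access_limit, delete_limit, window=WINDOW):
    """Per-user sliding-window counts; returns (user, rule, count, timestamp) alerts."""
    recent = {"access_spike": defaultdict(deque), "mass_delete": defaultdict(deque)}
    limits = {"access_spike": access_limit, "mass_delete": delete_limit}
    alerted, alerts = set(), []  # alert at most once per (user, rule)
    for ts, user, action, _path in events:
        for rule, limit in limits.items():
            if rule == "mass_delete" and action != "delete":
                continue  # the deletion rule only counts delete events
            q = recent[rule][user]
            q.append(ts)
            while ts - q[0] > window:  # drop events that fell out of the window
                q.popleft()
            if len(q) >= limit and (user, rule) not in alerted:
                alerted.add((user, rule))
                alerts.append((user, rule, len(q), ts))
    return alerts
```

In production the thresholds would be set from each account's normal baseline rather than fixed constants, and the alert would feed an automated block-and-restore workflow as the article describes.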
Detecting unauthorised deletions
In another example, a major manufacturer supplying the auto industry experienced one of these mass-deletion attacks. Like many manufacturers today, this company is part of a ‘just-in-time’ supply chain, where a single facility ships out car components dozens of times every day and can receive as many as 150 truckloads of supplies.
Without IT systems to support processing of associated documentation, everything comes to a grinding halt.
A disgruntled employee decided to try to sabotage operations before leaving the company, deleting data they knew would cause significant disruption. Fortunately, the company had implemented systems that enabled it to quickly identify what happened and who was responsible, and to restore only the affected data.
The CIO estimated that without such technology in place, recovery could have taken up to two weeks.
Data deletion by a trusted insider is not necessarily malicious: it can also be accidental. One large manufacturer with revenue north of $US1.5b lost an entire shared drive when an employee thought they were only cleaning up their own personal data.
Of course, that data should never have been exposed, but the company was not up to the complex task of safely managing all its data stored at over 40 sites worldwide.
To safeguard against future incidents, it implemented technology capable of limiting access and deletion of data as appropriate.
You can’t protect what you don’t see
In summary, a data-centric approach to security goes well beyond zero trust. Manufacturers must be able to easily identify what data is contained in every file (personal, intellectual property or financial), limit data access to only those who need it, track every access attempt, automatically monitor activity to identify potential attacks, and remove stale data with the click of a button.
Further, all of this information must be presented in a way that enables security teams to quickly understand their overall data landscape, identify any signs of data loss or compromise, and take action accordingly.