Visibility into Vulnerabilities Key to Mitigating Ransomware Risk
The number of ransomware threats has increased of late, and the manufacturing industry — and the supply chain in general — is particularly vulnerable, a report from San Francisco-based industrial control system (ICS) cybersecurity company Nozomi Networks found.
Andrea Carcano, Nozomi’s co-founder and an ICS expert, says recent threats — most notably, the Colonial Pipeline ransomware attack in May that impacted fuel supplies — as well as training and education have increased awareness about ransomware threats disrupting manufacturing operations and other supply chain systems.
“Until now, there has been a general feeling (among companies) that ‘It’s not going to happen to me,’ that they are far removed from threats,” he says. All too often, companies haven’t updated their cybersecurity measures and software, leaving them more vulnerable to threats and ransomware attacks, as threat actors know how to crack such systems, he says.
“The good news is that it’s changing,” Carcano says. “The bad news is that it probably isn’t fast enough.”
Why supply chains? He notes several reasons:
- Money has become the prime motivation for threat actors. In the past, threats focused on acquiring user passwords and credit card numbers, but many companies have developed mechanisms to better handle those types of attack, Carcano says. Threat actors today are looking for monetary value, he says — and ransomware can provide it.
- The supply chain, including manufacturing and logistics, already has been heavily impacted by the coronavirus pandemic, making it an even more vulnerable target, he says. A ransomware attack now in the transportation sector, for example, can have a much greater impact due to the existing disruption, he says.
A ransomware attack, like other cyberattacks, often starts with an employee opening an attachment containing malware, Carcano says. “In theory, that shouldn’t be a problem — if there is state-of-the-art security that’s done properly, that computer shouldn’t be able to communicate with the supply chain,” he says. “But in reality, what we’re seeing is that segregation doesn’t exist anymore.”
Ten years ago, the workplace was more insulated — employees used their work computers only in the office or plant, and went home, with no work internet access. Today, however, systems are interconnected, making visibility a critical part of business: “We want to have data in real time,” Carcano says. “We want to know in real time how our supply chain is doing, and how many pieces we shipped today.”
While increased supply chain efficiency and visibility are a must in today’s world, “the access needed to support increases the possibility of a ransomware attack reaching a standard computer and moving to the supply chain process,” Carcano says. “As soon as a system gets infected, it’s easy for the malware to replicate inside the network.”
It’s essential that manufacturers are aware of this — as well as prepared. Carcano offers these suggestions for protecting against a ransomware attack:
- Determine which assets in your network are vulnerable to potential attack. “You need to know what you have in your network; you cannot protect what you don’t see,” he says. “Are there critical assets? Usually, the answer is yes.”
- Install the latest firmware that addresses the vulnerabilities ransomware can exploit. This is not a once-and-done measure; it’s constant, Carcano notes. Ransomware threats are continually evolving, he says, “and even though you design a protection, a threat actor discovers another way to attack. It’s a constant battle. But if you’re not protected against what is already out there, you make the life of every attacker easy.”
- Explore options like (1) ransomware-monitoring software and (2) data-recovery systems or replacement machines that contain backed-up data, so operations aren’t interrupted.
While supply chain vulnerabilities are growing and must be addressed, it’s also worth noting that progress has been made over the last six months, Carcano says, as customers want to know where ransomware can penetrate their networks and are taking steps to mitigate risk.
“Everything starts with visibility,” he says. He equates ransomware protection solutions to a home alarm system: If you don’t know how many doors or windows you have, you can’t install the system. It’s the same with knowing where the vulnerabilities are, he says.