- December 14, 2020
- Tag: Manufacturing
Some of the most dangerous cyberattacks within the manufacturing industry are caused by insider threats. Losses associated with this type of threat often range in the tens of millions of dollars. As the frequency of security incidents keeps rising, manufacturing companies must implement both technical and administrative security controls to ensure the confidentiality, integrity, and availability of critical data and operational processes.
According to Ponemon, insider threats cost organizations $11.45 million on average in 2020. The same report also shows that the average cost of an insider attack rose by 31% in just two years, and the number of incidents increased by 47%. These insider threat statistics are a testament to the severity of insider threats and how they are on the rise. Each breach causes significant damage, but the cumulative impact raises the total cost to millions.
Verizon notes that insiders were part of 57% of data breaches. According to the US CISA, the manufacturing sector reported the highest number of attacks on control systems of any critical infrastructure sector. So, how do manufacturing organizations safeguard themselves against insider threats? Combating insider risks requires understanding them.
Understanding Insider Threats in Brief
An insider threat in cybersecurity refers to any individual who holds authorized and privileged access to the information systems of an organization and uses that access to compromise normal operations, knowingly or unknowingly.
This insider threat definition is not limited to direct employees. Subsidiaries, vendors, suppliers, and other third parties with authorized access to critical information assets or facilities can also be considered "insiders." Such insiders usually show several signs of risky behavior before taking part in an adverse incident.
Insider threat indicators could include unusual sign-ins to the network late at night, transfers of unusually large amounts of data within a short duration, or uncommon access to resources. Some insider threat examples that pose risks to manufacturing operations include:
- Malicious actions such as fraud, damage to physical data assets, sabotage, IP theft, and more.
- Disclosing proprietary or confidential information, either knowingly or unknowingly.
- Downloading malware or compromising the cybersecurity posture of the organization.
[Figure: Common data exfiltration trends associated with insider threats in 2020. Source: Statista]
7 Steps for Effective Insider Threat Management in Manufacturing Environments
- Providing Insider Threat Training: Organizations should raise insider threat awareness among employees in general, and among executives in particular, with a dedicated insider threat program. Such programs can reduce the risk of negligent actions and can help all employees follow cybersecurity policies.
- Managing Third-Party Risk: According to the report by Forbes, 53% of organizations have experienced breaches caused by third-party actions. Manufacturing executives should consider providing training to such parties and keep track of who has access to systems.
- Recognizing and Mitigating Insider Threat Indicators: Organizations must have the monitoring tools and staff necessary for identifying the signs of insider threats. Remote monitoring and management tools help admins detect changes to Active Directory, mass file deletions, anomalous access to resources, and so on. They can then take action as necessary.
- Understanding Digital Needs and Adjusting Accordingly: Remote work, public Wi-Fi, personal devices, and shadow IT are other avenues through which insider threats can act. Organizations must strike the necessary balance by proactively adopting policies that prioritize both security and ease of use for employees.
- Controlling or Eliminating Email Links and Attachments: Emails are the primary vectors for attacks. Organizations can install anti-phishing and anti-malware solutions and hire experts like GoldSky Security to perform a real-time assessment of their security posture.
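The indicators named earlier (late-night sign-ins, large transfers in a short duration) and the mass file deletions mentioned in the monitoring step can be expressed as simple detection rules. The following is an added example, not code from the original article or from any monitoring product; the log format, user names, paths, and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "timestamp user action value" (value = bytes or path).
SAMPLE_LOG = """\
2020-12-01T09:05:00 asmith login -
2020-12-01T09:10:00 asmith transfer 40000000
2020-12-01T02:14:00 jdoe login -
2020-12-01T02:16:00 jdoe transfer 700000000
2020-12-01T02:19:00 jdoe transfer 600000000
2020-12-01T14:00:00 bkim delete /plm/cad/part1.dwg
2020-12-01T14:00:20 bkim delete /plm/cad/part2.dwg
2020-12-01T14:00:40 bkim delete /plm/cad/part3.dwg
2020-12-01T16:30:00 asmith delete /tmp/scratch.txt
"""

# Assumed policy thresholds; tune them to the site's own baseline.
WORK_HOURS = range(6, 20)           # logins outside 06:00-19:59 are flagged
WINDOW = timedelta(minutes=10)      # sliding window, tracked per user and action
LIMITS = {"transfer": 1_000_000_000,  # bytes moved per window
          "delete": 3}                # files deleted per window

def parse(log):
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, action, value = line.split(maxsplit=3)
        events.append((datetime.fromisoformat(ts), user, action, value))
    return sorted(events)           # sliding windows need chronological order

def detect(log):
    alerts = []
    recent = defaultdict(deque)     # (user, action) -> deque of (ts, amount)
    for ts, user, action, value in parse(log):
        if action == "login":
            if ts.hour not in WORK_HOURS:
                alerts.append((user, "off_hours_login", ts.isoformat()))
            continue
        if action not in LIMITS:
            continue
        window = recent[(user, action)]
        window.append((ts, int(value) if action == "transfer" else 1))
        while ts - window[0][0] > WINDOW:   # drop events older than the window
            window.popleft()
        if sum(amount for _, amount in window) >= LIMITS[action]:
            alerts.append((user, "bulk_" + action, ts.isoformat()))
            window.clear()          # one alert per burst
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Fixed thresholds like these produce false positives for shift workers and backup jobs, so a per-user or per-role baseline is the usual next refinement.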
In Closing
An insider threat vulnerability is a significant risk to a manufacturing organization. By training employees, assessing third parties for vulnerabilities, deploying proper controls, and understanding the threat landscape, organizations can mitigate the risk and protect themselves from catastrophic losses to revenue and reputation. However, this might not be as simple as it may sound.
Employing robust security measures requires significant field experience, which personnel in manufacturing environments may not have. In such scenarios, hiring an experienced managed security provider or MSP with hands-on experience in tackling insider threats could be the ideal choice, as they can guide you in the right direction and let you focus on your business objectives.