John McNeely, president of Knoxville, Tennessee-based Sword & Shield Enterprise Security took a few minutes to talk about the current state of cyberattacks and what manufacturers should be aware of.
Jon Minnick: What are some of the cybersecurity threats that are emerging for the manufacturing industry?
John McNeely: The number one thing that we continue to see from our customer base on a daily basis, which includes members from the manufacturing industry, is ransomware. I know that gets a lot of press already, but that is actually a real threat to manufacturing companies. There is practically not a day that goes by that we don't see some new form or some new variants of ransomware. Our security operations centers run 24/7 and are very diligent about catching those things before they spread and become a really big problem, but it has been an ongoing problem for a few years now. We see no end in sight of that.
Whenever ransomware gets into your system, it encrypts your data and holds it at ransom. We see companies that go ahead and pay the ransom just to get the data back. Sometimes they get the data back; sometimes they don't. We see others that have some better planning and better security measures in place and they are able to recover the data without having to pay. Regardless, it's disruptive and affects operations, especially in manufacturing where anything that disrupts operations and brings on downtime can be very costly. Not just in manpower to deal with the situation, but in opportunities lost. That's really the number one security problem that we see.
Second to that is the ongoing insider threat problem. Insider threats comes in many different forms, but in the manufacturing industry in particular, I would say effective security of intellectual property continues to be an ongoing problem. People preparing to change jobs generally have some telltale signs of activity that may indicate that they are leaving and also that they may be taking some data with them that they shouldn’t be. That's a difficult one for a number of companies to deal with and we’ve had to deal with a number of incident response and forensic cases to determine what exactly an individual may have done and what they may have left with.
Minnick: Where are most attacks coming from and how are they carrying out these attacks?
McNeely: What we see in our security operations center for direct hacking attacks where there is clearly a human on the other side — which includes a direct attack, ransomware attack or some type of botnet — we see most of those attacks originating in the U.S., typically from compromised machines and networks. Outside the U.S. we see a lot of attacks coming from Ukraine, several former Soviet countries, Eastern European bloc countries and China. We've had a number of cases where we dealt with incidents and worked with companies on digital forensics and network tracking those back to mainland China. Those are probably the top countries while there is a new emerging threat from Latin America. We've seen an increase over the last year from some different countries in Latin America, but I don't know if there's really a trend there or it's more than just a continuing surge in cybercrime across the world.
Minnick: Talk about how manufacturers can protect themselves and why backing up data is the single biggest way to combat cyberattacks.
McNeely: I can speak to that a couple of different ways. Cybersecurity is a complex issue for companies and manufacturers. It involves a lot of different dimensions to it. The solution is wrapped up in the people, processes and technology. There is no one, singular solution for it.
For companies to protect themselves, they have to understand where their data is, where their data is stored, how it's moving throughout their organization. It's interesting how many companies just don't have a handle on that. That has been a challenge of late, as well as people adopting different cloud technologies and end-users going off on their own and adopting different cloud applications — what we would refer to as shadow IT. With the use of smartphones and tablets, data is on the move everywhere. It's hard for IT executives and IT staff to really keep track and tabs on where all the data is while it should be a number one priority for a company.
A lot of traditional controls related to network security, identity access management and detection technology are great options to keep tabs on the data. Companies really need to be able to monitor their networks and activity and have a way of detecting any sort of anomaly or incidents. They also need to have the resources to follow up on those.
There's probably a bigger emphasis on backing up data today because of ransomware. Having reliable and timely backups gives a company a way to quickly recover from a ransomware attack if one should occur. Backups also have more traditional benefits to business continuity and operations when problems like failure of network or devices or data corruption occur.
Minnick: Where do you see cybersecurity heading in the future? Do you see companies becoming more proactive towards attacks? Do you feel that attacks will increase or decrease over time?
McNeely: In the foreseeable future we are going to continue to play catch-up. I think that attacks will continue to increase. I think that organizations will find that even with a growing awareness, there is still limitations on executives, IT and security staff to get the appropriate budget. The skills shortage is going to continue to be a problem. If you talk to a number of organizations you find they continue to have open positions in security and that's not going to change anytime soon. Workforce development is a big priority. At Sword & Shield we’re in the process of working with colleges in our region to build better security programs and to help turn out better candidates in security, but that is going to be a years-long process.
Bigger scale attacks and the ability of hackers to monetize data and records continues to grow. Hackers are very resourceful. As long as there is that opportunity for them to make money, we’re going to see hacking activity continue to increase. Compounding that is the whole Internet of Things (IoT) movement. With IoT, essentially every device has an IP address and is connected to the network — collecting and transferring data.
The attack incentives are just going to grow significantly. I don't see anything slowing down and we’re just continuing to ramp up in activity. Unfortunately for the good guys, we have to play a lot of catch-up and sometimes find ourselves at a great disadvantage. That’s why it’s important for manufacturers to be proactive in their security, before it’s already too late.
