The top concern for manufacturing is protecting intellectual property, according to a Deloitte’s Cyber Risk in Advanced Manufacturing report. Manufacturing executives indicate that “at least four of the top 10 cyberthreats facing their organizations are directly attributable to internal employees.” Manufacturing needs to protect a variety of different data sources but lacks visibility to the enemy within. More threats are coming from not only nation state actors but also corporate espionage due to global competition which increases financial incentives for insiders. Global instability increases employee fears of job loss and leads to unscrupulous behavior. Nearly 50% of manufacturing executives lack confidence that they are protected. Are you among them?
The top 3 security challenges for manufacturing which affect dealing with Insider Threats are:
- Risk Assessments - Where to start?
- Insider Threats on the rise - How to look for them?
- Lacking Tools of the Trade - What do I need to get started?
Risk Assessments are a standard best practice for security and risk planning. Unfortunately, manufacturing is typically understaffed or lacks funding and therefore does not have a strong reputation of maintaining a regular cadence of security risk assessment relative to other industries. To reduce costs, nearly 70% in manufacturing are relying on internal assessments since they cannot afford to get external assessments. And yet only 34% had security risk assessments as a top initiative in the Deloitte study. It cannot be stressed enough - that this is the most important place to start.
The advantages of having an outsider look for risks are many. They look with knowledge of your industry and can save you the time and challenges of the learning curve that others had to go through to identify risks. Just like fresh eyes always catch a typo - the same is true for risks. As an electrical engineering intern at a Proctor & Gamble plant - I was asked to conduct an OSHA survey of a Toilet Paper plant. I found nearly twice as many safety concerns as had been previously on the list. Why? Because I went around talking to everyone and asking Why? And What would happen if? Also, as an outsider, I was not to blame in any way for any of the problems found so it was easier to be through and complete. When it comes to the cost of cybersecurity risk - with the average annual cost rising to over $8 million to recover from breaches in manufacturing - it is time to be through.
Free can be a good thing
Now is also an optimal time to take advantage of the many offers from vendors for free services and longer trial periods. Even though there is overhead associated with managing vendors. This is a time when vendors are going to be the most flexible with trials and pricing. Now is a time for discovery. Identify threats, learn and then convince your organization to try new things.
Insider Threats on the rise - How to look for them?
The Verizon report continues to document that insider threats are rising in all sectors and especially in manufacturing. But how do you look for them when you have fragmented networks in manufacturing environments? I recommend that you start with employees and their favorite toys - laptops and phones. The more you can monitor the tools that they use, the more patterns of interaction with sensitive data will rise to the surface.
For insider threats, security teams need to become best friends with Human Resources. HR can share information regarding employee turnover. Knowing which groups or which teams have the most turnover can help establish a test group to show immediate results or insightful findings as to insider behavior. Also Human Resources may have funding for education that you can use for security and partner on cyber initiatives. How can HR notify security teams when employees have resigned. A tighter loop of communication and awareness between these two teams can highlight some joint areas for collaboration that will immediately tighten security overall.
Monitor at the source
Next, prioritise your assets. What is the information that would be most valuable to competitors and where does it originate from. Monitor at the source. Then monitor endpoints. Choose a SaaS version that will give you the visibility you need across your endpoints. Think about how data is shared and where it is stored.
Try to understand what the value of the assets you have is and what motivates individuals might have. The challenge will be to focus on the higher value items first. Another perspective is to start with the largest group with access to valuable information. It may be easy to get overwhelmed by the variety of motives behind security incidents. However, fundamentally, it is not surprising that they are led by financial theft. Start by identifying who has access to the money. Or who has access to new information that in the hands of your competitors would place you at a disadvantage.
Identifying and protecting your intellectual property is crucial. Focus on users with access. See if you can try to focus on your executives who will be the target of attacks.
Start by monitoring a specific type of information. Financial information from a particular server. Or by monitoring the financial team and their devices. Don’t try to classify and label everything - or try to control how people work and collaborate. Initially, it is time to observe. By observing first you will then be able to seek to understand why people use certain tools or use USB sticks to transfer information.
Once you understand the objectives and business goals you can start to establish policy as to how, when and where information can be shared. With a policy, you can then begin to educate and then take action if necessary when it is violated.
Lacking Tools of the Trade - What do I need to get started?
The unfortunate reality is that manufacturing is lacking not only budget, and the right tools but the experienced staff to address the complex security challenges that it is facing.
The best way to develop your security skills is to consider how to cross train your team. How can you implement job rotation or job sharing that will help expand the skills your team has. Again, it may be outsiders that are most helpful. Establish a security task force and seek volunteers from other teams. HR may again be a good partner. Finance may be another. You may discover that there are technical skills and security savvy people throughout the organization. By discussing security issues with a broader audience you will increase organizational awareness and support to address some the most urgent needs.
If you want to compliment your team or need help to get things started, again, I recommend relying on some of the vendors offering free training and services as a unique opportunity to learn new skills or augment your team with a Managed Services provider. Cyberhaven is one of them.
Cyberhaven is a simple SaaS solution that can be quickly installed as an agent across your endpoints. It instantly starts to monitor all data flows across your endpoints, to servers and traversing cloud applications. Cyberhaven will create a risk profile based on the data sprawl it observes. Cyberhaven will provide you the visibility you need to understand how users are using and sharing information across your organization. Starting with a non-intrusive solution will allow you to focus on high value data sources, such as new product designs. You can follow your IP wherever it goes. Once you know how data is being used, you can begin to put effective protection measures in place from education to blocking if necessary. The most important step you can take is to take the first step understanding what your organization’s exposure to insider threats is.
To learn more about top challenges manufacturing executives are going through, we spoke with Arun DeSouza, CISO of Nexteer Automotive. Check out the webinar!
Topics: Insider Threat