2020 may go down as the year that ransomware moved from a nuisance to a serious threat across industries. There were an estimated 304 million ransomware attacks in 2020, and that trend does not show any sign of slowing. Ransomware, in addition to zero-day exploits, phishing and malware attacks, reinforce the need for good cyber hygiene in your organization.
Even if your organization escaped REvil before it vanished, it is only a matter of time before another cybercriminal comes along in search of a payout or some proprietary information.
Luckily, we’re beginning to see companies not just think about cybersecurity from the perspective of defense in depth, but also starting to adopt capabilities that allow them to address cyber risk across an attack continuum.
They’re doing this by focusing on good cyber hygiene:
- identifying what they have and the associated risks
- putting protection mechanisms in place to protect what they have
- detecting when threats bypass those protection mechanisms
- implementing capabilities to respond to incidents quickly
- developing a system to support rapid recovery.
These are the five functions addressed in the NIST cybersecurity framework, and they’re a good place to start to understand what capabilities are needed to implement a base level of cyber hygiene within your industrial control environment.
In addition to these five functions, I also go further and encourage companies to decrease their attack surface. That requires that you not only understand what is connected on your plant floor, but also have a strong understanding of its attack surface. In other words, what are those assets’ vulnerabilities? Then use that knowledge to address the known vulnerabilities by patching them.
To help minimize your risk, consider a security program focused on five key areas.
- Maintain an asset inventory with an emphasis on understanding the attack surface or vulnerability.
- Regularly check vulnerability, patch and configuration management. Have programs in place to address known vulnerabilities, patch regularly and have mature processes around how configuration changes are made and tracked.
- Employ backup and recovery mechanisms for all critical assets to help ensure you have the ability to quickly pull from a known good backup.
- Complete regular risk assessments to measure risk and manage it. Use the assessments to show your organization the level of risk they are exposed to and the resources—time, money, people—needed to mitigate it.
- Assess the level of obsolescence in your network. A key tenet of basic cyber hygiene is the ability to address known vulnerabilities. But, in some instances, a vendor might no longer support a critical asset that could leave you open to a high level of risk, and you would be better off migrating to an updated component.
For all the benefits that smart manufacturing can offer, it also requires a more comprehensive approach to security. Seamless connectivity and smart devices are the catalysts to smart manufacturing, but they can also be a conduit for security threats.
We’re beginning to see companies not just think about cybersecurity from the perspective of defense in depth, but also starting to adopt capabilities that allow them to address cyber risk across an attack continuum, and keeping a tidy cyber workspace is an important part of that process. Successfully implementing these tenets of basic cyber hygiene are the first steps in building an effective cybersecurity program for your organization and improving your ability to defend against future cyber-attacks.