The cyber attack affected the systems of the NHS in England and Scotland as well as Nissan UK among many other Government departments, companies and universities worldwide. And the cause? Not downloading Microsoft’s security update.
It was widely reported that because the NHS is still using Windows XP, their systems were most at risk as there hadn’t been an update for that platform since 2014. However, Kaspersky Labs found that 98% of the systems affected were actually running Windows 7 meaning that many people remain vulnerable to attack. But what does all this mean for design engineers?
The continued growth of digital technology, automation and the Internet of Things is helping engineers be more efficient and cost effective than ever. Industry leaders, from design through to manufacturing, know that adopting ‘Industry 4.0’ is the only way to continue to compete, so they are using real-time data to gain a competitive edge and boost those all-important margins. However, this marriage of old and new technologies introduces new cyber risks which, if ignored, could put a stop to business altogether.
According to research by PwC, nearly half (46%) of engineering and construction company executives say they have reached advanced levels of digitisation in product development and engineering. As more industrial equipment gets digitalised, previously unconnected things become part of the IT network.
It means, teams that look after the security of these networks have found themselves with a much larger attack surface to protect.
The manufacturing sector is already well known to trail other industries in adopting new connected technologies, and now an aversion to cybersecurity potentially leaves it more vulnerable. Ransomware, especially, is a threat that is becoming increasingly complicated to defend against.
The risk of ransomware
For engineering and manufacturing firms, ransomware attacks could grind production to a halt, damage customer relationships and incur huge costs. It could also mean intellectual property and design files could be lost.
Viruses are often delivered in the form of a simple phishing email, containing a misleading attachment for the victim to open. Once opened, the attachment encrypts the data in the user’s system and tells them how much money they need to pay to get the decryption key. Recent research from the EEF has shown that 20% of manufacturers don’t make their employees aware of cyber risks in company policies, so it’s easy to see why they are particularly susceptible.
“The damage done by ransomware has historically depended on who in the company is targeted,” says Matt Middleton-Leal, regional vp for the UK, Ireland and Northern Europe at security software firm CyberArk. “However, more recently we have seen variants of ransomware that have extended their scope beyond the hard drive of a single PC.”
Bolstering defences
Most anti-malware and anti-ransomware solutions focus on detecting and blocking malware at the point of inception. These solutions are useful when you know what you’re looking for – but ransomware continues to evolve, with new variants coming out every day. Manufacturing organisations should therefore adopt a multi-layered approach, which employs application control and removes local privileges (ie the ability to access more sensitive parts of the network) from regular PCs. This will reduce the surface for attacks and block their progression.
Steps must also be taken to protect an organisation’s most sensitive files. Greylisting – an approach that allows unknown applications (ie the latest ransomware variant) to execute harmlessly – blocks ransomware from being able to access or encrypt critical files.
Backing up data is another simple but crucial tool in the fight against ransomware. With multiple generations of backup – taken from automatically backing up data at various intervals – the system can be wiped and restored in an instant, avoiding the need to pay any ransom.
With findings from recent Trend Micro research indicating that only 45% of infected companies got their data back upon paying the ransom, this is pivotal to keeping operations running.
Manufacturing and engineering companies must undoubtedly embrace Industry 4.0 to stay relevant, but cybersecurity across industrial networks needs to become an increasing consideration.
Middleton-Leal concludes, saying: “By dedicating equal time and investment towards protecting their highest value assets through improved cybersecurity, organisations can limit the impact of this fast-growing threat – such as ransomware – and ensure their business remains operational at all times.”
Fixing flaws in industrial robots As robotics and other sensors are rolled out across industrial production networks, the corresponding increase in connectivity raises the risk of a cyber attack. In its security analysis, researchers from Politecnico di Milano (POLIMI) and the Trend Micro Forward-Looking Threat Research (FTR) Team found that the software running on many devices is often outdated. Additionally, the Trend Micro FTR Team found tens of thousands of industrial devices residing on public IP addresses, further increasing the risk of an attacker accessing them. Federico Maggi, senior threat researcher at Trend Micro, says: “By combining the set of vulnerabilities that we discovered on a robot installed in our laboratory we demonstrated how remote attackers can alter or introduce minor defects in the manufactured product, physically damage the robot, steal industry secrets, or injure humans. We then considered some threat scenarios on how attackers capitalised on these attacks, as in an act of sabotage or a ransomware-like scheme.” The researchers’ say that robot-specific attacks are well within the realm of possibility and as such, must be considered seriously by all involved in producing and operating industrial robots, not only in the future but today. |