Manufacturers are one of the most popular targets for ransomware attacks, with the average breach costing an estimated $4.7 million, $300,000 more than the average of other targeted industries.¹
What should security teams in the industrial sector do to better protect their organization from cybercrime?
That was the focus of a recent interview with Cybersixgill’s Gabi Reish by Jeff Reinke, Editorial Director of Manufacturing.Net. Gabi, Cybersixgill’s Chief Product and Business Development Officer, began by explaining why threat intelligence is so critical in fending off the increasingly sophisticated attacks manufacturers face.
Threat actors are equipping themselves with generative AI tools and using an ever-expanding array of vectors to achieve their goals. Security teams can’t protect all of their assets, so they need to better understand where they’re most vulnerable.
“Threat intelligence is to provide you with insights and knowledge so that you can prepare yourself,” Gabi said. “Who are the actors? What are their motives? How are they planning to attack you so that you can put your security assets in the right places to protect yourself? The problem is that because the threat vectors are so wide these days, if you don't use some proactive measures, then you're going to be very thin regardless of how much you're investing (in cybersecurity).”
Of course, a manufacturer must start by mapping its attack surface to understand its potential vulnerabilities. After that, the company needs to prioritize its protection actions, starting with areas known to be exploited by threat actors. For example, if a printer has a reported vulnerability, there’s no sense spending time remediating that vulnerability if cybercriminals have shown no interest in exploiting it, Gabi said.
Besides the concerns about loss of data or privacy that a breach might cause, it’s also important to consider the business consequences of an attack when prioritizing defenses. As an example, Gabi recalled a discussion he had a few years ago with a CISO and a CFO at a pharmaceutical company. The CISO was concerned about breaches that could allow access to the company’s database. The CFO also worried about such breaches but was more concerned about an attacker infiltrating the production line and changing the dosage of a drug – a consequence that would trigger a recall and potentially hurt the pharmaceutical company’s reputation for years.
Manufacturers also need to be aware of potential supply chain risks they face through their third-party vendors. Even if the company itself is well-protected, it needs to be mindful of the vulnerabilities it is exposed to from third parties. “It's not only about the digital connectivity of your suppliers, but it's also about your physical connectivity. If you have a partner that has some of your data and then they turn out to be vulnerable, it could impact you.” Cybersixgill helps customers stay aware of potential threats posed by both their suppliers and those that target their own systems and assets.
Another topic that Gabi and Jeff discussed is generative AI, which can be valuable for cybersecurity purposes because it can help users quickly assess potential threats and prioritize responses. The problems with generative AI, Gabi said, are threefold: 1) transparency – knowing how the AI tool came up with its answers to queries, 2) privacy – ensuring that company data isn’t leaked through the query, and 3) accuracy – ensuring that the answer isn’t a “hallucination” of information that isn’t real. Cybersixgill has its own generative AI tool, Cybersixgill IQ, that helps customers get answers quickly and addresses all three of those concerns.
Jeff also raised the problem of threat actors using generative AI to dupe employees into providing access through persuasive phishing and credentialing techniques, among other methods. How should companies combat those malicious uses of AI? Gabi said it’s inevitable that people will be trusting when they shouldn’t – that’s a human trait that isn’t going to change. To compensate, Gabi suggested, cybersecurity companies need to devise effective “guardrails” that keep an organization safe. That is, if someone inadvertently gives a threat actor access to a network, there should be a guardrail to keep the company from going off the road and crashing into a catastrophic breach.
Manufacturers also need to be mindful of changing regulatory mandates that affect their cybersecurity programs. The Securities and Exchange Commission now requires public companies to not only be proactive in cybersecurity measures but also to disclose cybersecurity incidents when they occur. Fulfilling the latter requirement is easier with threat intelligence, as it allows them to detect the breach and describe the nature and severity of the event.
Understandably, some organizations have felt overwhelmed by the amount of threat data they receive and have trouble determining what is useful and what is noise. This is what Gabi calls “The CTI paradox: The more intelligence you have, the less you know.” But with contextualized threat intelligence – the type that tells you that the exposed printer isn’t worth addressing but the manufacturing line is – security teams receive guidance on what threats are the most urgent to their organization and what steps to take. By understanding what vulnerabilities can be tolerated and what risks should be addressed quickly, a manufacturer can stay focused on its business while keeping cyber threats at bay.
You can hear the entire 37-minute interview here.
[1] Cost of a Data Breach Report 2023, IBM