In response to the 62% global increase in ransomware since 2019 (158% increase in North America) and over 40% of manufacturing firms suffering a cyberattack last year, Onclave Networks recommends manufacturers adopt zero trust architecture and security guidelines as supported by the NSA, the Biden Administration executive order 14028 and NIST SP 800-207 Cybersecurity Framework.
Over the last several years, manufacturing has gone through an information technology (IT) and operational technology (OT) convergence. The integration is expected to expand more rapidly in the years ahead due to the increased availability of 5G and more sophisticated Industrial Internet of Things (IIoT) devices and systems and Industrial Control Systems (ICS).
Modernized digital operations expanding the attack surface
As manufacturers modernize their digital operations, they will connect more disparate devices and systems and transmit that data across IT networks, significantly expanding their attack surface and vulnerability to a cyberattack in the process.
“Most of the IT security methods that manufacturers have relied on for years are not designed to identify or protect operational technology,” said Don Stroberg, CEO of Onclave Networks.
“Manufacturers need to be aware that layering IT solutions on top of one another is not adequate protection for these IoT, IIoT and ICS systems and devices.”
Also the rise in cybersecurity threats is due to both the growth in internet-enabled devices and operational technology, as well as to the greater integration between companies and their supply chain partners.
Recent supply chain attacks raising concerns
As cyberattacks on SolarWinds, Bombardier, Colonial Pipeline, and others have demonstrated, these threats put critical and confidential data at risk, as well as jeopardize operations and production.
“The recent supply chain and critical infrastructure cyberattacks have opened the eyes of a lot of executives and managers who are concerned about their exposure to malware from suppliers as well as whether or not they could unknowingly spread malware across their supply chain,” Stroberg said.
“The potential for massive disruption to the business is greater, as is the liability these companies could face in the future – more reason why manufacturers are turning to zero trust to better secure their networks.”
Why should manufacturers adopt zero trust principles?
The goal of a zero trust framework deployed in an enterprise is to verify trust in people, devices, systems, and networks before engaging/interacting with them – and continuously verify that trust to ensure nothing is compromised. It changes the old saying of ‘trust, but verify’ to ‘never trust, and always verify’ and that any request for network access must be continuously authorized.