Analysis and Commentary

Protecting against malware in manufacturing – by Tony Burnside

Malware in manufacturing is a bigger problem than many would assume. Here Tony Burnside looks at how cyber criminals leverage the cloud to mount their attacks, and what can be done to protect manufacturing organisations.

Most of the headlines around cybercrime and data loss in Australia in recent months – and there have been plenty – have focused on the loss of the general public’s personal data, and so those in the manufacturing industry might have felt it to be a low-risk issue for their organisation.

Manufacturing businesses don’t necessarily hold huge data banks of personal information – health records, credit card details and the like.

But the data shows that the manufacturing industry is in no way immune from these cyber risks.

A data breach in manufacturing costs the organisation involved more than the average target – and these costs are growing every year.

With the sector investing heavily in digital transformation, new risks open up with every new machine, digital process or cloud infrastructure brought in to drive efficiency and growth.

A recent report shows that two thirds of malware delivered to manufacturing workers in May 2023 was delivered via cloud applications, more than doubling the levels seen just a year earlier.

Manufacturers are generally cautious organisations due to the nature of their operations, and awareness of the new preferences for attack methodology against them should motivate them to consider the security changes needed to reduce the risks brought in by their cloud ecosystem.

Balancing risk and performance

In the past, manufacturers have had a reputation for being CAPEX-heavy organisations for whom the OPEX model of software-as-a-service required a mind shift.

Today, driven by initiatives the World Economic Forum calls ‘Industry 4.0’, most acknowledge the need to modernise operations and supply chains, particularly in the face of international competition.

Manufacturing Enterprise Resource Planning (ERP) systems – the digital backbone of operations – are increasingly shifting to the cloud, while IoT capabilities and the case for sending OT data to the cloud for collaboration and analytics purposes are both growing.

Add to these core business applications the many productivity tools necessary to run a modern organisation (Microsoft or Google suites, and other collaboration apps…), and most manufacturers are left with complex cloud ecosystems to manage.

The data shows that workers in the sector use, on average, 17 different cloud applications each month, which is a clear testament to this growing cloud usage.

A desire for real-time access to system data – alongside a simultaneous growth in hybrid workers working in remote sites or across multiple locations – has drastically transformed and expanded manufacturers’ tech infrastructures and network perimeters, and it is imperative that organisations realise that their security infrastructure needs to undergo a similar transformation to avoid leaving any open doors or windows to the system.

Cloudy with a chance of malware

Cyber criminals are skilled at sniffing out vulnerabilities, and so it is no surprise that they are increasingly focusing on the attack surfaces presented to them in cloud environments.

Threat researchers found that the cloud applications that were the most abused for malware delivery to manufacturing organisations are also the ones that are the most used for basic daily work and collaboration such as the Microsoft or Google suites.

These are highly recognisable and familiar software brands, and so it’s easy to see why the workforce trusts that they are inherently safe.

The attack methodologies that allow nefarious actors to collect aren’t particularly complex.

Some threat actors create fake cloud applications disguised as legitimate business tools that allow users to sign up or log in with their Microsoft or Google work accounts.

In doing so, employees essentially create gateways for threat actors to access and explore their target’s systems, extract sensitive information and data, sometimes unchecked for weeks or months, and potentially deliver malware and trigger attacks when the timing suits them.

There’s also a degree of human error that needs to be considered. Migrating to cloud applications often requires a change in work practices and how information and data may be accessed and shared.

In the process, and without proper education and security protocols, employees or plant workers may inadvertently access and share sensitive data in the wrong places, or with the wrong people – or just leave them entirely unlocked and open to anyone who stumbles upon the right URL.

Manufacturing organisations handle sensitive intellectual property – sometimes belonging to their customers – and data protection is imperative.

In addition, with the increasing automation and digitisation of traditional processes, managing the risks of cyber security has become a central business concern.

With both cloud adoption levels and cloud-based malware delivery increasing in the sector, we can expect the volume of incidents involving cloud environments to increase.

Some ways of mitigating cloud risk

In light of the increasing adoption of cloud systems and applications among manufacturing organisations, here are a few recommendations industry players can consider to mitigate the associated risks:

  • Choose technology that can inspect all web and cloud downloads from employees in real-time in order to identify malware that may infiltrate the network
  • Educate employees about – and monitor execution of – specific types of files that are often malware vectors such as executable files (.exe) or archive files (.zip, .rar)
  • Block downloads from web sources and cloud applications that employees do not need. It will help decrease the risk of accidental or deliberate data exposure, and reduce the risk surface to only apps and instances that are necessary for the business
  • Identify and block traffic on the network that looks dodgy, including traffic involving unreputable cloud applications. Blocking this type of communication can prevent further damage by limiting an attacker’s ability to perform additional actions
  • And consider how to protect employees and their devices in instances where they may have to access riskier websites or cloud applications to conduct their work.

Tony Burnside is VP and Head of APAC at cybersecurity and networking company Netskope. He oversees the company’s operations across the region, specialising in securing networks, data and cloud environments for public and private organisations of all sizes.
