Who's Watching Your Supply Chain?

According to Verizon's recently released 2014 Data Breach Investigations Report (DBIR), cyberespionage topped the list of online security threats to the manufacturing industry last year, followed closely by distributed denial-of-service and web-application attacks. In fact, 54 percent of all manufacturing attacks examined were attributed to cyberespionage, which the report defines as incidents that were perpetrated by or linked to state-affiliated infiltration.

And though cyberespionage was the top culprit of attacks on manufacturers, the DBIR data also revealed that organized crime rings, competitors and current and former employees were complicit as well. Further, this year's report illustrated how manufacturers were targeted for their intellectual property, technology and business processes.


So just how did state-affiliated actors infiltrate the network ecosystems of manufacturers? The majority of the attacks, 67 percent, were carried out by phishing schemes in which deceptive e-mails are designed to trick an employee into giving up proprietary information. In addition, Strategic Website Compromises, in which websites of importance to a business are breached to distribute malware, inflicted their share of damage as well.

Given such pervasive threats, what can manufacturers do to safeguard their often complex operations against these types of attacks? The DBIR breaks down tips in its cyberespionage category into basic blocking and tackling and more specific practices that can help protect against attacks of this nature, which tend to be very sophisticated and well-financed. Let's start with some basics:

Secure your Software: Exploiting vulnerabilities in browser, operating system and other third-party software is an easy initial step that attackers use to infect systems. Keeping security patches up to date should be table stakes for preventing infiltration and will make these types of 'gateways' tougher to breach.

Maintain Anti-virus Software: Though deploying and maintaining anti-virus software may sound 'old school', the DBIR experts stand by the importance of this practice for detecting application anomalies and other malware.

Educate your employees: Train your employees to recognize suspicious activity and help keep security measures active.

Segment your network: Segmenting networks helps to contain incidents and protect the rest of the ecosystem from being infiltrated.

Keep good records: Maintain accurate logs by logging all system, network and application activity.

Moving on to more prescriptive measures that organizations can take if they are concerned with state-affiliated attacks, the DBIR recommends the following practices, which can better isolate key network locations for an attack and give victim organizations the best defense opportunities:

Aggressively defend against Phishing attacks: Focus on a solution that can effectively combat e-mail phishing attacks by expanding beyond spam detection and block lists into 'header analysis,' 'pattern matching' based on past samples and 'sandbox analysis' of attachments and links included in the e-mails.

Track 'Command and Control' (C-2) and data exfiltration activity: Monitor and filter outgoing traffic for suspicious connections and exfiltration of data to remote hosts. Also monitor your DNS connections, which represent one of the single best sources of data across an organization.

Prevent lateral network movement: Though network segmentation and containment were previously mentioned in the basics, the DBIR experts stress that doing this well can be challenging. Defense practices such as two-factor authentication can help contain the widespread and often uncontested re-use of user accounts.
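
To illustrate the DNS monitoring recommended under 'Track Command and Control' above, the following Python example (added here, not taken from the DBIR or from Verizon) flags clients that send many distinct long, random-looking subdomains to a single domain, a pattern typical of data being tunneled out over DNS. The log format, the thresholds and the two-label base-domain rule are assumptions, and the sample log lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2014-05-01T10:00:01Z 10.1.4.22 www.example.com A
2014-05-01T10:00:02Z 10.1.4.22 mail.example.com A
2014-05-01T10:00:03Z 10.1.4.22 images-static-content-prod.cdn.example.org A
2014-05-01T10:00:04Z 10.1.7.80 a7f3k9q2m5x8b1c4.t.example.net TXT
2014-05-01T10:00:05Z 10.1.7.80 d6g0h2j8l4n1p7r3.t.example.net TXT
2014-05-01T10:00:06Z 10.1.7.80 s9t5u1v7w3y0z6e2.t.example.net TXT
2014-05-01T10:00:07Z 10.1.7.80 www.example.com A
""".splitlines()


def entropy(label):
    """Shannon entropy of a label in bits per character."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def base_domain(qname):
    # Assumption: the last two labels form the registered domain. A real
    # deployment would consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def flag_suspicious_dns(lines, min_len=16, min_entropy=3.5, min_unique=3):
    """Return {(client, base_domain): sorted names} for clients that sent many
    distinct long, random-looking subdomains to one domain."""
    seen = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        _, client, qname, _ = parts
        labels = qname.rstrip(".").lower().split(".")[:-2]
        if any(len(l) >= min_len and entropy(l) >= min_entropy for l in labels):
            seen[(client, base_domain(qname))].add(qname.lower())
    # A single long label (such as the CDN name above) is not enough to flag.
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_unique}


if __name__ == "__main__":
    for (client, domain), names in flag_suspicious_dns(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {len(names)} high-entropy subdomains")
```

Requiring several distinct names per client and domain keeps one-off long hostnames, such as the CDN entry in the sample, from raising an alert; the thresholds should be tuned against a baseline of your own resolver logs.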

For more insights into cybercrime and the manufacturing industry, download Verizon's 2014 Data Breach Investigations Report here.
