July 26, 2019 Insider Threats Hit Manufacturers

Whether acting accidentally or maliciously, employees can leave companies and their intellectual property exposed.

57 percent of database breaches involve an insider threat.

July 26, 2019

By Mike McKee, CEO of ObserveIT

Innovation within the greater technology landscape has led to tremendous changes in how the manufacturing industry does business. In order to keep consumers happy and hold on to their competitive edge, manufacturers have to embrace digital transformation. This reliance on digital processes, however, can leave businesses vulnerable to cybersecurity incidents, especially those stemming from insiders.

In its recent Insider Threat Report, which is based in part on the findings of their Data Breach Investigations Report, Verizon noted that 57% of database breaches involved an insider threat. And further, manufacturing is among the top five industries with the highest percentages of insider threat incidents and privilege misuse. Whether it’s employees operating machinery in the factory or executives in the corner office, having access to critical systems and company data allows them to do their job effectively but also introduces inherent risk.

So, how can organizations protect themselves against insider threats?

Make Training a Priority

Employees can be an organization’s biggest asset for protecting valuable information, but they need the right training to do so. It’s very common for data leakage to occur when an employee inadvertently shares sensitive data—accidentally losing a USB loaded with company data, using third party storage sites to manage files, etc. Just last year, UpGuard Cyber Risk found sensitive documents from more than 100 manufacturing companies (including Ford, Tesla, GM and Fiat Chrysler) on a publicly accessible server, meaning detailed company information was available to anyone with Internet access. This is a perfect example of how an unintentional internal oversight led to major leakage.

While the frequency of these leaks is on the rise (up 26% since 2016), manufacturers can take steps to ensure their employees aren’t accidentally or maliciously leaking sensitive information. It’s critical that manufacturers require regular training at every level, so employees understand current cybersecurity policies, including the risks and repercussions of negligence.

Don’t Overlook Third-Parties

Because most manufacturing organizations rely on third party vendors to fulfill many of their business needs such as supplying materials or fulfilling orders during peak business seasons, new and often temporary employees frequently need to access organization’s digital systems. As with tenured employees, manufacturing executives should consider introducing abbreviated security training for contractors who will be handling sensitive files regularly. More importantly, the organization’s cyber security team should be aware of who has access to the system, and in particular, keep records that readily allow them to trace where a vulnerability was exploited in the case of malicious actors.

Understand the Digital Needs of your Organization

Shadow IT and remote work can be additional avenues for insider threats. Employees who decide to access their work email on unsecured public Wi-Fi, or with a personal device run the risk of compromising the organization’s security network. Likewise, outdated file sharing options make it difficult for employees to work on the go and share files easily, meaning they’ll often use non company-sanctioned software to get the job done. USBs for example, can be a tricky piece to monitor and regulate. It’s difficult to ban all use of USBs in an organization, so some companies have decided to embrace them, but only company-approved USBs can be utilized and they are carefully monitored. Executives should work with their IT teams to understand how their employees want to work and prioritize both ease of use and security.

Detect and Mitigate Malicious Activity

Finally, manufacturing organizations need to ensure they have the tools and personnel in place to identify the warning signs of an insider threat. IT teams should monitor for unusual behavior such as accessing systems during unusual hours without explanation, escalation of privileges to databases, granting broad privileges to another user without authorization, and even unusually large print jobs. Additionally, suspicious employee activities like requesting secure documents and working unusual hours should raise red flags, as they can indicate users are intentionally dodging protocol in order to collect sensitive information.

While this type of malicious hacking may seem unlikely, it’s happening in more organizations than you might think. Just last year, Tesla announced that a former employee changed the code on internal products and sent company data out without authorization. Had Tesla been using a user and data activity monitoring tool, an alert would have been triggered immediately if an employee tried to exfiltrate the data (using a USB, a big print job, or uploading it to a cloud storage tool). It is also likely the employee renamed the file before uploading to cloud storage, which a monitoring tool would have also captured. For someone without a monitoring tool giving visibility into user and data activity, another way to capture data exfiltration, assuming it takes place over a long period of time, is to enforce job rotation among those with access to most critical intellectual property.

In a heightened and evolving risk environment, it has never been more important for organizations to create training programs and set clear policies to ultimately minimize the likelihood of their organization becoming the latest victim of a prolonged and expensive insider leak.

Mike McKee, CEO of ObserveIT

Contact: Observeit@pancomm.com

Subscribe to Industry Today