For cybercriminals, stolen login credentials are skeleton keys for manufacturers’ IT & OT networks.

By: Craig Lurey, CTO and Co-Founder of Keeper Security

Manufacturers have long been targets for espionage by competitors and even foreign intelligence operatives seeking to steal highly valuable intellectual property. As manufacturers digitized their operations, espionage activities segued from absconding with paper schematics to breaching computer networks. Verizon estimates that 27% of cyberattacks on manufacturers involve espionage activities. These attacks target IT systems, and historically, that’s where manufacturers’ cybersecurity efforts have focused. OT systems were thought to be shielded from cyberattacks because they were air-gapped and siloed from IT systems.

However, as Industry 4.0 took hold and manufacturing became increasingly computer-driven, it was no longer feasible for manufacturers to air-gap and silo their OT networks. Technicians needed the ability to access OT systems remotely to perform maintenance and repairs. Manufacturers needed to integrate OT process data into IT systems so that they could optimize equipment, enhance efficiency, improve safety, reduce environmental impacts, and cut costs.

Unfortunately, for all its benefits, the IT-OT convergence brings significant cyber risks. One of the most pressing is that cybercriminals can use IT systems as backdoors into OT systems.

Cyberattacks on OT systems cause production bottlenecks and put human life and health at risk

Data breaches involving digital IP and other sensitive information, such as employee tax data or client lists, are very serious matters. Cyberattacks on OT systems are arguably even more serious because they can make plant equipment behave in unexpected and damaging ways, not only impacting production but also putting human life and health at risk.

In 2014, a German steel mill fell prey to a spear phishing scheme that compromised user credentials to the mill’s IT systems. Cybercriminals used their foothold in the IT systems to access the mill’s OT systems and manipulate the controls for a blast furnace, massively damaging plant equipment. More recently, Molson Coors had to temporarily halt production after an unspecified “cybersecurity incident” (possibly ransomware) impacted OT systems the company depended on for “brewery operations, production, and shipments.”

Fortunately, no one was hurt in either incident, but as cybercriminals step up their assaults on OT systems, it’s only a matter of time. Over half (53%) of security professionals employed in the manufacturing industry feel that their OT systems are at risk for cyberattacks, and the same percentage report that their organizations experienced a cyberattack over the previous 12 to 24 months that impacted their OT systems. Further, 48% of respondents to a survey by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) stated that operational risks, including cyber risks, were the greatest threats to smart factory initiatives.

How are cybercriminals breaching manufacturers’ systems? Usually, it’s by obtaining a set of legitimate login credentials, either through a phishing or spear phishing scheme or automated attacks that take advantage of employees who are using weak or previously compromised passwords. Over half (55%) of manufacturing industry data breaches specifically target user credentials, and the manufacturing industry holds the dubious distinction of being the number-one industry for phishing attempts.

Cybercriminals can breach manufacturers’ systems by obtaining a set of legitimate login credentials through phishing or automated attacks.

Protect your passwords; protect your manufacturing plant

To a cybercriminal, a set of legitimate login credentials equates to a set of skeleton keys to a manufacturer’s entire data environment, including both IT and OT systems. Password security is manufacturers’ greatest cyber risk, but it’s also a risk that’s inexpensive and relatively simple to mitigate.

Require the use of strong, unique passwords

A strong password is at least 8 characters long and uses a random combination of uppercase and lowercase letters, numerals, and special characters. Employees must use a different password for every account and app.
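
The policy above can be audited across a credential inventory. The following is an added example, not code from the article or from any Keeper product; the account names and passwords are constructed, and the function names are hypothetical.

```python
import hashlib
import string
from collections import defaultdict

MIN_LENGTH = 8  # minimum length stated in the article


def policy_failures(password):
    """Return the policy rules this password fails (empty list = compliant)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase")
    if not any(c.islower() for c in password):
        failures.append("no lowercase")
    if not any(c.isdigit() for c in password):
        failures.append("no numeral")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    return failures


def audit(credentials):
    """credentials: iterable of (account, password). Returns (weak, reused)."""
    weak = {}
    by_digest = defaultdict(list)
    for account, password in credentials:
        failures = policy_failures(password)
        if failures:
            weak[account] = failures
        # Group by digest in memory so the report never carries plaintext.
        # This is only a grouping key, not a password storage format.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(account)
    reused = sorted(sorted(a) for a in by_digest.values() if len(a) > 1)
    return weak, reused


# Constructed sample inventory (hypothetical accounts and passwords).
SAMPLE = [
    ("erp-portal", "Summer2024"),
    ("hmi-line3", "t7#Kq!vR2m@Z"),
    ("vpn-gateway", "t7#Kq!vR2m@Z"),
    ("historian", "plant"),
]

if __name__ == "__main__":
    weak, reused = audit(SAMPLE)
    print("weak:", weak)
    print("reused across accounts:", reused)
```

Character-class checks cannot verify that a password is random, so a predictable string with one symbol appended would still pass; the reuse check is what catches the shared IT and OT credential in the sample.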

Mandate the use of multi-factor authentication on all apps that support it

Multi-factor authentication (2FA) prevents data breaches by stopping cybercriminals from accessing accounts even if they obtain a working password.

Enforce role-based access control (RBAC) with least-privilege access

Grant your employees just enough system privileges to perform their jobs, and no more. In addition to preventing insider attacks, this also reduces your risk if a cybercriminal manages to get hold of a password.

Deploy an enterprise password security and encryption platform

A robust password security and encryption platform enables IT administrators to monitor employees’ password habits and enforce security policies. It makes it easier for employees to comply with these policies, and it improves efficiency. Password security solutions automatically generate strong passwords and keep track of all login credentials, which means that administrators can ensure that employees are using strong, unique passwords for every account, and employees don’t have to worry about coming up with new passwords or remembering their current passwords.

Craig Lurey

Craig Lurey is the CTO and Co-Founder of Keeper Security, Inc. Craig leads Keeper Security’s software development and technology infrastructure. Prior to Keeper Security, Craig was the CTO of Callpod, a technology company that creates unique power products and software. Before that he was the CTO of JiWire, Inc., the leading media and technology service provider to the WiFi industry. Craig led development of JiWire’s technology from the ground up to deliver web services and security applications to millions of users worldwide.

In 1998, Craig created a software platform for what would become CNET ChannelOnline™, a turnkey sales-cycle automation solution for the computer industry. Craig’s company Apollo Solutions was acquired by CNET Networks Inc. in June 2000. ChannelOnline now manages the e-commerce and daily operations of thousands of computer resellers throughout the United States. Craig holds a bachelor’s degree in Electrical Engineering from Iowa State University and was named Most Innovative CTO of the Year in 2020 by Cyber Defense Magazine’s InfoSec Awards.