The challenge
The manufacturing industry is particularly vulnerable to ransomware attacks because its technologies and operating systems are often legacy and do not lend themselves to security patches or updates.
“Ransomware is often misunderstood,” suggests Vieri Tenuta, IT/OT and IoT Digital Security Offerings Manager at Atos, “it’s highly prolific, easily developed and operates well in a low-tech environment as it exploits vulnerabilities in legacy systems that have no in-built security and relies heavily on social engineering. Up until recently, manufacturers found a level of security through obscurity as their systems were isolated but now that they are increasingly connected, there is a real issue.”
The risk
A malware attack can bring a manufacturer to a halt and prevent business from resuming. It is extremely hard to recover from an attack. In many cases, recovery without any backup in place is almost impossible. The encryption cannot be broken, and attackers can often change encryption keys once an attack has been executed and attack again.
Many organizations will pay the money immediately to recover. “I know manufacturers who have refused to pay, and their business has been disrupted, sometimes up to a year. It’s an extremely hard road,” says Tenuta.
The situation will be further complicated by new regulations surrounding cryptocurrencies. It is likely that the EU and US will look to ban crypto anonymity to prevent the funding of criminal activity through payment of ransoms. Although any movement to prevent ransomware is welcomed, further thought is required on practical support for targeted organizations, rather than simply criminalizing organizations that feel they need to pay to resume operations.
Atos approach
Atos adopts an approach to security that covers people, processes, and solutions.
People:
Reducing ransomware attacks requires all employees to understand what an attack might look like and to take steps to protect against threats and raise alerts about them. This is a strong defense against ransomware.
Processes:
A risk assessment and adequate data classification are required for an organization to understand how it would manage a ransomware attack. The cost/risk analysis of paying vs. not paying must be played out, and scenario planning for every eventuality should be in place.
Solutions:
Managed detection and response is needed. It is vital to use tools and people, and AI in particular, that can monitor user behavior and identify attacks before they take hold.