Protecting the Manufacturing Sector from Ransomware

The manufacturing sector has long been a favorite target for ransomware actors. However, the true scale of the issue has only recently become apparent: research published in Infosecurity Magazine last December revealed that ransomware attacks on manufacturing companies have caused an estimated $17bn in downtime since 2018. But why is the manufacturing sector so vulnerable? And what can organizations do to protect themselves? Keep reading to find out.

Why is the Manufacturing Sector Vulnerable to Ransomware?

Manufacturing companies have several characteristics that make them especially vulnerable to ransomware attacks and a favorite target for cybercriminals. Let’s briefly explore them:

• Outdated Technologies: Much of the modern manufacturing sector is reliant on technology systems – such as Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) systems, and Operational Technology (OT) networks – that often have legacy components and security gaps.
• Interconnectedness: In recent years, many of these systems, especially IT and OT environments, have become increasingly interconnected, creating a large attack surface and allowing breaches to spread from one system to another.
• Low Tolerance for Downtime: Operational downtime can be extremely costly for manufacturing businesses – the aforementioned research found that each day of downtime costs an average of $1.9m – meaning they are often more likely to pay ransoms than other organizations.
• Production-First Mindset: Manufacturing companies prioritize production efficiency and quality over cybersecurity – understandable but unwise. This mindset often results in weak security measures and vulnerabilities.

Another major problem is that typical cybersecurity best practices don’t apply to ICS environments, a reality that too few manufacturers realize. This brings us to our next question…

How Can the Manufacturing Sector Protect Itself from Ransomware?

A manufacturing organization’s ability to avoid a ransomware attack depends utterly on its ability to protect its ICS. ICS is integral to industrial operations and often acts as a gateway to other business systems, allowing ransomware attackers to barge through an organization’s infrastructure and cause untold damage. With this in mind, here are some best practices for securing your ICS.

Implement a Defense in Depth Strategy

A Defense in Depth strategy is a layered approach to security designed to protect systems by implementing multiple, overlapping security measures. Each layer acts as a barrier against threats, ensuring that if one control fails, others can still protect the system.

Adopt Foundational Controls

Your Defense in Depth strategy must include the following five foundational controls:

Hardware and Software Inventory

Maintaining a hardware and software inventory ensures visibility into all connected devices and their configurations. It identifies assets, tracks updates, and detects unauthorized changes. This inventory supports vulnerability management, network segmentation, and change control, forming the foundation for effective cybersecurity measures​

Change Control

Documenting, approving, and monitoring all system changes helps maintain integrity and security. It involves ensuring changes, such as updates or configuration adjustments, align with security standards to prevent unauthorized alterations that could disrupt operations or create vulnerabilities​.

Centralized Log Management

By collecting and storing log data from ICS devices in a unified repository, manufacturing organizations can monitor for and detect security events, gaining insights into system performance, configuration changes, and potential threats.

Vulnerability Management:

Vulnerability management helps organizations identify and prioritize vulnerabilities in devices and software so security teams can address weaknesses before attackers exploit them. It involves regular scans, risk assessments, and patching, with special care for legacy systems that may require passive or targeted approaches to avoid disrupting critical operations.

Network Zones and Segmentation:

Organizations must employ network segmentation, creating network zones and conduits to limit the spread of ransomware attacks. Each zone should have specific security requirements, with communication between zones restricted unless absolutely necessary and explicitly permitted.

Bridge IT/OT Gaps

Bridging the gap between IT and OT helps create a more robust, cohesive security strategy that supports both the digital infrastructure and the critical systems that drive operations. Manufacturers should foster collaboration and communication between teams by establishing cross-functional teams with clearly defined roles and responsibilities. This ensures that everyone is aligned on common cybersecurity objectives.

Leverage Frameworks

Standards like IEC 62443, NIST SP 800-82, and CIS Controls provide structured guidance for securing ICS and addressing risks from insider threats, ransomware, and emerging IoT vulnerabilities.

How Can Tripwire Help?

Tripwire’s advanced cybersecurity solutions for ICS help manufacturing organizations implement all the best practices listed above and more. They grant manufacturers enhanced network visibility, the ability to monitor networks and systems for potential problems, increased resilience, and professional vulnerability assessments to ensure they remain safe from ransomware threats – without impacting normal operations. Find out more here.

What’s more, Fortra has a free eBook, Navigating Industrial Cybersecurity: A Field Guide, carefully put together to help manufacturers get to grips with the basics of ICS, the current threat landscape, compliance frameworks, and how to create an action plan based on best practices. You can download it here.

Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.