The Year of the Hack: Why Manufacturers Can't Afford to Skip Penetration Testing in 2023
We live in an era where cyberattacks are growing more frequent, sophisticated, and disruptive. Hardly a month goes by without significant headlines about a new breach. Ransomware gangs target vulnerable critical infrastructure like healthcare, food production, transportation, and energy. No sector is immune. For the manufacturing industry, the stakes could not be higher.
Recent statistics paint a grim picture. According to IBM, the manufacturing sector suffered the second-highest rate of cyberattacks in 2021, with a staggering 250% year-over-year increase. Attackers compromised 44% of all industrial control system computers in the first half of 2022, per Kaspersky. The costs are eye-watering, with the average breach in manufacturing costing $4.81 million.
Yet manufacturers have been lagging when it comes to cyber preparedness. A Fortinet survey found that only 53% of OT networks in manufacturing used network segmentation to contain threats. Meanwhile, 97% of ICS computers had vulnerabilities. This perfect storm of increasing exposure, valuable data, and security gaps has attracted nefarious interest.
"It's no longer a question of if, but when manufacturing companies will face a serious cyberattack," warns Paul Mezzera, veteran ethical hacker and cybersecurity researcher. "Proactive defences like penetration testing are a must-have, not a nice-to-have."
So what exactly is penetration testing, and why should manufacturers prioritise it now more than ever in 2023?
Putting Your Cyber Defenses to the Ultimate Test
Penetration testing, also known as pen testing or ethical hacking, involves authorised cybersecurity professionals systematically attacking a company's networks, systems, and applications to evaluate its security. It aims to identify vulnerabilities and weaknesses before bad actors can find and exploit them.
"You can think of pen testing like a whole-body scan at the doctor's office, but for your network security," explains Mezzera. "The goal is to uncover risks early on so you can treat them before it's too late."
Penetration testers use many of the same tools and techniques as real-world attackers. First, they gather information from open sources like WHOIS records, job listings, and social media to map an organisation's digital footprint. Next, they scan networks and applications to detect entry points. They then attempt intrusions using phishing emails, password cracking, social engineering, and exploit code to bypass defences.
If successful, testers can gain access to sensitive systems and data to evaluate how far an actual attacker could penetrate. However, unlike malicious hackers, they document every vulnerability uncovered and provide actionable recommendations to fix them.
For manufacturers, critical systems to penetration test include:
- The prime targets are industrial control systems (ICS) that operate assembly lines, robotics, HVAC, and heavy machinery on the plant floor. Testing PLCs, DCS, SCADA systems, and human-machine interfaces can uncover vulnerabilities hackers could exploit to disrupt production.
- Manufacturing networks should be tested for gaps that could allow attackers to gain internal access, move laterally, and compromise additional systems after breaching the perimeter. Testing internal network segmentation is vital.
- Supply chain platforms connect manufacturing companies to suppliers and logistics partners. Compromising these systems provides a gateway for infecting the vendor network, stealing data, or disrupting just-in-time inventory flows.
- Connected IoT devices like production sensors, monitors, and embedded systems are increasing on factory floors. Often, these devices have weak security controls ripe for exploitation to gain network access.
- Cloud-based analytics dashboards and production applications provide visibility into manufacturing operations. Testing authentication mechanisms and cloud permission configurations is crucial to prevent data theft.
- Corporate IT systems, including employee email, endpoints, and internal databases, house sensitive manufacturing designs, contracts, customer information, and financial data sought by attackers. These business systems also connect to plant floor environments.
The expanding digital attack surface makes testing a broad spectrum of systems critical. Holistic assessments reveal interdependencies and risks that siloed testing of individual components would miss. Prioritising testing based on business impact and threats can optimise limited resources.
Notable Manufacturing Cyber Attacks
Recent years have seen sophisticated cyber attacks cause massive global disruption to manufacturing operations and critical infrastructure. These incidents underscore the need for proactive cybersecurity measures across the manufacturing sector.
Ukrainian Power Grid Hack (2015, 2016)
Russian state-sponsored hackers used malware to cut electricity to hundreds of thousands of Ukrainians in 2015 and 2016 in the first confirmed hacks to take down a power grid. The attack leveraged phishing and vulnerabilities in industrial systems.
Norsk Hydro Ransomware Attack (2019)
Aluminium manufacturing giant Norsk Hydro suffered an extensive ransomware attack that severely disrupted production in European and US plants. The Ryuk malware spread through the corporate network to infect OT systems.
Honda Plant Shutdown (2020)
Japanese automaker Honda halted production for a week at a UK manufacturing facility after being hit by the Snake ransomware strain. The attack disrupted Honda's internal servers and forced a shutdown to contain the infection.
Colonial Pipeline Attack (2021)
The ransomware attack on Colonial Pipeline demonstrated how cyber threats can impact physical infrastructure. The pipeline shutdown caused gasoline delivery disruptions and shortages across the US East Coast.
JBS Foods Attack (2021)
A cyberattack attributed to a Russia-based group forced global meat processing giant JBS Foods to cease operations at plants in the US, Canada, and Australia. The disruption impacted meat supply chains.
These incidents reveal several trends:
- OT environments are increasingly targeted
- Modern malware can evade legacy controls
- Disruption costs grow into millions
- No sector is immune to cyber threats
Importance of Proactive Measures
To manage growing cyber risks, manufacturers should adopt measures like:
- Penetration testing to find gaps proactively
- Asset management to inventory systems
- Network segmentation to limit lateral movement
- Incident response planning to enable rapid containment
- Employee cybersecurity training to counter social engineering
As manufacturing digitalises, proactive cyber strategies become imperative to avoid operational shutdowns. Continued vigilance and testing are needed to thwart emerging threats.
Uncovering the Cracks Before Catastrophe Strikes
Penetration testing provides a proactive way for manufacturers to identify and address the inevitable gaps that emerge in sprawling OT/IT environments.
"Even if you have world-class cybersecurity in place, networks are dynamic, and threat actors always find new vectors of attack," says Cynthia Rowland, CISO at an automotive parts manufacturer. "Pen testing exercises help future-proof companies against emerging threats."
So what are some vulnerabilities commonly uncovered during manufacturing pen tests? Common findings include:
Unpatched or outdated OSes/software:
Older, unsupported systems containing known vulnerabilities provide easy targets. Keeping software updated is critical.
Inadequate network segmentation:
Lack of proper segmentation between OT and IT allows threats to pivot between environments.
Older machinery may need more security features or run outdated protocols. These must be isolated.
Insecure remote access:
Exposed ports, default passwords, and unprotected endpoints enable unauthorised access. Multi-factor authentication is vital.
Weak credential hygiene:
Reuse of simple passwords across accounts, unchanged default passwords, and lack of password rotation represent common issues.
Pen testing often reveals memory leaks, buffer overflows, SQL injection flaws, and other bugs in custom software and scripts that programmers missed.
Well-crafted phishing messages demonstrate how staff may fall for social engineering and compromise systems. Education is essential.
Limited visibility into traffic and systems hampers threat detection and response. Robust logging and SIEM integration provide security benefits.
Proactive pen testing uncovers these gaps so manufacturers can implement controls like network segmentation, stronger access management, and multi-factor authentication before disaster strikes.
Turning Pen Testing Insights Into Action
The most valuable penetration tests provide more than just a list of vulnerabilities - they equip manufacturers with clear roadmaps to remediate findings and improve overall security posture.
Partnering with an experienced penetration testing team is critical for expert discovery of risks and guidance on translating findings into mitigations. Look for providers who offer contextual analysis of vulnerabilities to understand root causes, assign realistic risk ratings, and provide tailored recommendations.
For severe, high-risk gaps such as imminently exploitable unpatched systems, temporary containment measures may be prudent before implementing more permanent fixes. Isolating affected systems, applying additional firewall rules, and enforcing multi-factor authentication can limit exposure.
Longer-term, manufacturers must prioritise patching the outdated software and systems highlighted by tests. Dedicate resources to upgrading operating systems, industrial control system software, and web frameworks containing known vulnerabilities. Cybercriminals eagerly exploit these common issues.
Tests often reveal areas needing better segmentation between IT and OT environments. Define appropriate network zones, implement tight access controls between them, and funnel traffic through internal firewalls and proxies. This security-in-depth approach limits lateral movement.
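An added example, not part of the original article: a minimal audit that checks observed traffic against the zone-and-conduit model described above, flagging any cross-zone flow that bypasses the permitted paths. The zone CIDRs, allowed conduits, and flow records are constructed assumptions for illustration.

```python
import ipaddress

# Constructed zone plan (assumption): CIDRs are illustrative only.
ZONES = {
    "IT":  ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT":  ipaddress.ip_network("10.30.0.0/16"),
}

# Allowed conduits: (source zone, destination zone, TCP port).
# IT never talks to OT directly; traffic is funnelled through the DMZ.
CONDUITS = {
    ("IT", "DMZ", 443),    # engineers reach the jump host / proxy
    ("DMZ", "OT", 44818),  # proxy to PLCs (EtherNet/IP)
    ("OT", "DMZ", 443),    # historian replication out of the plant
}

# Constructed flow records (src IP, dst IP, dst port), e.g. from firewall logs.
SAMPLE_FLOWS = [
    ("10.10.4.23", "10.20.0.5", 443),
    ("10.20.0.5", "10.30.1.10", 44818),
    ("10.10.4.23", "10.30.1.10", 502),   # IT straight to a PLC over Modbus
    ("10.30.1.10", "10.10.9.9", 445),    # OT host reaching IT over SMB
    ("10.30.1.10", "10.30.1.11", 502),   # intra-OT, not a zone crossing
    ("192.0.2.77", "10.30.1.10", 3389),  # unmapped source reaching OT
]

def zone_of(ip):
    """Return the zone name containing ip, or UNKNOWN if no zone matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"

def audit_flows(flows, conduits=CONDUITS):
    """Return every cross-zone flow that is not an explicitly allowed conduit."""
    violations = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "UNKNOWN":
            continue  # traffic inside one known zone is out of scope here
        if (sz, dz, port) not in conduits:
            violations.append((src, dst, port, f"{sz}->{dz}"))
    return violations

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print("VIOLATION", *v)
```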
Use technologies like deception tools to quickly detect attackers that penetrate perimeter defences. Deception tools place bait like fake drives across networks that alert when accessed. They provide visibility into malicious activity that is otherwise hard to spot.
Ultimately, business leaders should drive cultural focus on cybersecurity through ongoing education and champion programs. Empowering engineers and operators to spot risks, follow secure practices, and report problems is foundational to resisting social engineering and ransomware.
With guidance from penetration testers, manufacturers can transform findings into actions that substantially improve resilience. Testing gives insights, and leadership makes them a reality.
The Time is Now: Preempt Cyber Catastrophe Through Proactive Testing
Manufacturing is the backbone of the economy. Technology has brought immense productivity gains, but also uncertainty in the face of rising cyber risk. Recent attacks have shown that no company is immune as criminals ruthlessly target operations.
Leaders bear the solemn responsibility of securing systems against disruption. There are no shortcuts when lives and livelihoods are on the line. Penetration testing represents the best-practice standard endorsed by security experts worldwide.
I implore all manufacturing executives and owners to prioritise proactive cyber defence in 2023. Do not become another victim interviewed about an "unimaginable" crisis. Partner with our penetration testers and cybersecurity researchers to find your weaknesses before they become headlines.
Over 2500 companies have worked with MicrominderCS to uncover over 54,000 vulnerabilities through comprehensive assessments. Our ethical hackers use the same tools as hackers to provide unique insights. We help clients patch, improve processes, and monitor systems against emerging threats.
MicrominderCS offers flexible and cost-effective testing solutions tailored for manufacturing's specialised environment. Our mission is to equip companies with actionable threat intelligence to meet today's challenges.
The time for hesitation is over. Contact us today to schedule your initial penetration test and security analysis. Our team is ready to uncover your risks and empower you to secure the future. Some problems must be solved before tomorrow.