The new face of insider security threats
By Mille Gandelsman, CTO, Indegy
Insider threats, both accidental and deliberate, have always haunted manufacturers. As early as the first days of the industrial age, workers deliberately sabotaged machines and production processes for various reasons, mostly political or financial, but also out of sheer malice. This led to the famous phrase "throwing a wrench into the works." Sometimes a clumsy or distracted worker accidentally dropped a wrench or other object into a machine.
Since then, the reasons for insider threats have not changed significantly, though social engineering tactics give new meaning to the idea of a wrench in the works. What has changed fundamentally is that manufacturers now face a multitude of threats: from simple physical acts at the manufacturing facility (for example, when someone accidentally or intentionally flips a switch) to malware, to in-depth hacking of the IT or OT network and social engineering.
Employee accidents can have devastating effects on a production line and its output. Recently, a programming bug at Subaru caused SUVs to be scrapped because the vehicles were missing critical spot welds. The cost: millions of dollars and downtime. In the 1980s, misprogrammed robots at GM triggered a costly trail of disaster, including: robots who paint instead of cars; smashing windshields instead of installing them.
Because insider threats are hard to detect and prevent, they present a unique challenge to manufacturers.
Three Common Types of Insider Threat Payback
Typically, an angry employee with access to privileged parts of the network can extract information or cause harm to the organization.
- Ignorant onlookers are privileged-access employees who accidentally cause a security breach. This can happen in different ways. Scenarios include sending sensitive information to another employee or an outsider, or providing network access to someone who should not have it.
- In this case, an outsider uses social engineering to trick an employee into disclosing confidential information or their credentials for access to the IT or OT network. These may include a fake e-mail, a phishing scheme, or a deceptive "call from IT" requesting a user's ID and password.
- Vicious insiders. They are behind most attacks.
This multitude of employee and contractor threats was quantified in the 2018 Verizon Data Breach Investigations Report, which found that 28 percent of all privacy breaches involved insiders.
The report shows that while malicious outsiders (72 percent) were the main source of data breaches, they accounted for only 23 percent of all compromised data. On the other hand, insiders were behind 76 percent of all compromised records.
Unlike many industry verticals, where the motivation is almost always financial and the actors are almost exclusively organized crime, industry has a higher proportion of state-related actors (53 percent) than organized crime (35 percent).
Detecting and Preventing Insider Threats
Manufacturers can combat threats by improving their capabilities in three areas: visibility, security, and control.
Enterprises should implement features that provide complete real-time visibility into their IT and OT environments. This includes the ability to monitor and track all attempts to access automation controls and to log all changes, not just to identify malicious actions, but also to investigate problems caused by human error.
Ideally, visibility should include an OT-specific security and monitoring system that analyzes network traffic and device behavior. Such visibility should be supported by a detailed warning system - alerting an organization to changes or questionable activities as they happen.
The best way to improve security is to apply rules and heuristic analyses that are specific to the manufacturing process. Heuristic analysis is able to detect many previously unknown forms of malware and new variants of current versions.
Without such analysis, detecting and containing a breach can take weeks or months, and a very expensive cleanup can lead to production stoppages and damage to the brand and reputation of the company.
In addition, vendors should implement control-space access management policies that determine who can make certain changes, when, and how.
Finally, enforcing network resource security controls and maintaining a current inventory of industrial controllers and their status, including firmware versions, patch levels, serial numbers, and other backplane information, is critical to fighting insider threats. This allows manufacturers to quickly fix newly released vulnerabilities and detect inadvertent changes and errors before they can have a significant impact on operations.
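The inventory check described above can be sketched as a comparison of a stored baseline against a fresh snapshot. This is an added example, not code from the article or from Indegy; the controller records, model names, version strings and function names are all constructed for illustration.

```python
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Controller:
    serial: str
    model: str
    firmware: str
    patch_level: str
    backplane: tuple  # modules seated in the rack, in slot order

# Constructed sample data: approved baseline vs. what is on the network now.
BASELINE = [
    Controller("SN-1001", "PLC-A", "2.4.1", "P3", ("CPU", "DI16", "DO16")),
    Controller("SN-1002", "PLC-A", "2.4.1", "P3", ("CPU", "AI8")),
    Controller("SN-1003", "PLC-B", "1.9.0", "P1", ("CPU", "COMM")),
]
CURRENT = [
    Controller("SN-1001", "PLC-A", "2.3.0", "P3", ("CPU", "DI16", "DO16")),
    Controller("SN-1002", "PLC-A", "2.4.1", "P3", ("CPU", "AI8", "COMM")),
    Controller("SN-1004", "PLC-B", "1.9.0", "P1", ("CPU",)),
]

def diff_inventory(baseline, current):
    """Return (serial, field, old, new) for every deviation from the baseline."""
    base = {c.serial: c for c in baseline}
    cur = {c.serial: c for c in current}
    findings = [(s, "missing", None, None) for s in sorted(base.keys() - cur.keys())]
    findings += [(s, "unknown_device", None, None) for s in sorted(cur.keys() - base.keys())]
    for serial in sorted(base.keys() & cur.keys()):
        old, new = asdict(base[serial]), asdict(cur[serial])
        for field in old:
            if old[field] != new[field]:
                findings.append((serial, field, old[field], new[field]))
    return findings

def version_tuple(version):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def below_minimum(current, minimum_firmware):
    """Serials whose firmware is older than the fixed version for their model."""
    return [c.serial for c in current
            if c.model in minimum_firmware
            and version_tuple(c.firmware) < version_tuple(minimum_firmware[c.model])]

if __name__ == "__main__":
    for finding in diff_inventory(BASELINE, CURRENT):
        print(finding)
    print(below_minimum(CURRENT, {"PLC-A": "2.4.0", "PLC-B": "1.9.0"}))
```

A firmware value that moves backwards, a module that appears on a backplane, or a serial number that vanishes is reported the same way whether the cause was deliberate or a mistake, which is the point of keeping the baseline.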
Although malicious insider attacks and human error have existed since the beginning of time, OT networks have become particularly vulnerable lately. Fortunately, with the right visibility, security, and control, manufacturers can protect against and limit threats from both insiders and outsiders.
About the Author
Mille Gandelsman is CTO of Indegy, where he directs the company's technology research and product development. Prior to Indegy, he led technical development efforts for Stratoscale and spent several years managing cybersecurity research for the Israel Defense Forces' 8200 elite unit. Mille has more than 15 years of ICS and cybersecurity experience.