Key Communications
The Wizard of OT: Leveraging ESET MDR to help secure manufacturing
19/02/2025
08:21
For manufacturers, digital transformation has proven a double-edged sword. While it creates opportunities for improved productivity and efficiency, it also opens a Pandora’s box of issues: industry relies on cyber-adjacent devices tied to operational technology (OT) and IT networks, and these can be abused for devastating attacks that halt production lines and threaten the existence of even larger companies, as well as national security.
A good example of this overlap is modern supply-chain attacks. In 2021, a major US fuel pipeline carrying 2.5 million barrels a day was taken offline following a ransomware attack by the DarkSide cybercriminal gang. This forced the US government to relax rules on land-based fuel transportation and made gas prices jump by around 6 percent. Reportedly, the attackers got in through an exposed VPN account password. In the end, the company opted to pay a ransom of around $5 million to get its systems back.
However, ransomware is not the only threat that may impact manufacturers. In 2017, ESET researchers revealed Industroyer, one of the biggest threats to industrial control systems. The capabilities of this malware include controlling electricity substation switches and circuit breakers directly by abusing industrial communication protocols used in power supply infrastructure, transportation control systems and other critical sectors. This means that an attack could cause cascading equipment damage and failures.
Because suppliers, contractors, distributors, and third-party service providers are tightly interconnected, they create an expanded attack surface. If one domino falls, the rest follow. The same is true for internally connected systems; that was how the Petya malware leveraged its access: by compromising the M.E.Doc accounting software and executing a trojanized update, which allowed the attackers to launch a massive global ransomware campaign.
These incidents are especially bad for critical manufacturers that use legacy systems. Unlike other industries (such as the IT industry), where outdated systems can be upgraded or replaced more easily, manufacturing depends on expensive, specialized equipment that sometimes relies on obsolete computing systems. So, when a production plant is hit by ransomware such as LockerGoga, it could force a global operation to go into manual mode, costing millions due to lost efficiencies.
However, updating or replacing these systems often requires extended downtime, which can result in steep financial losses due to operational backlogs. This creates an environment in which cybersecurity investments and system updates are often deprioritized, creating gaps in security, which in time would undoubtedly be exploited.
The prime question here is who should take the most responsibility for security failures stemming from running legacy or insecure systems: the professional security operators doing what they can to secure a business 24/7, or the leadership who might trade short maintenance-related disruptions for ransom payments and global shutdowns?
With the average cost of a data breach in the industrial sector at $5.56 million, some thorough discussions should happen inside boardrooms as to whether such costs are acceptable.
Executives and managers play a critical role in setting the tone for how cybersecurity is prioritized and implemented across an organization. For manufacturers, this means treating cybersecurity as a fundamental business goal rather than relegating it to the IT department. In essence, leaders must allocate resources strategically, ensuring that there is a dedicated budget for cybersecurity tools, training, and personnel. What’s more, doing this in concert with process upgrades could bring major benefits in the form of enhanced productivity, netting more business in the long term.
With leadership setting some firm targets for better security, they should also think about their employees. This applies less to manual operators and more to those with access to critical network-adjacent systems, who could introduce negative externalities such as malware into industrial systems. This is underlined by the 2024 Verizon Data Breach Investigations Report, which reported that 83% of breaches in manufacturing were represented by system intrusion, social engineering, and basic web application attacks.
Cybercriminals often exploit people through social engineering tactics such as phishing messages, or by introducing malware into their devices through malicious attachments or other downloads. Hence, regular cybersecurity awareness training should cover topics such as phishing awareness, password management, and secure data handling. Moreover, employees should be encouraged to report suspicious activity without fear of repercussions, creating an open and prevention-first security culture.
Additionally, advanced cybersecurity tools, such as endpoint security and extended detection and response solutions, are indispensable for manufacturers. These technologies offer real-time visibility into an entire business network, helping organizations detect anomalies and identify potential threats before they can escalate. This could also be contracted through a managed service, ensuring around-the-clock protection with a global reach.
ESET protecting manufacturers
Managed services such as ESET MDR can provide around-the-clock security, alleviating risks stemming from solutions such as EDR, especially when a manufacturer has understaffed or underqualified security personnel. All of this is achieved without the need for heavy investment into internal resources, while still maintaining production efficiencies. ESET’s MDR offer also includes ESET Detection & Response Ultimate, a highly tailored service acting as a specialized extended security arm of its clients, supplying research-powered professionals capable of dealing with detections in only 20 minutes.
www.eset.com, https://www.eset.com/be-fr
ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of known and emerging cyberthreats — securing businesses, critical infrastructure, and individuals. Whether it’s endpoint, cloud, or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. An ever-evolving digital landscape demands a progressive approach to security; ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and X.