With the advancement of digitization and the industrial internet of things (IIoT), industrial environments are increasingly interconnected and remotely accessible. Historically, this hasn’t been the case, and manufacturers haven’t had to focus on cybersecurity. However, with these advancements, these previously inaccessible industrial control systems are now accessible and often unsecured, and attackers are all too happy to target these vulnerable access points. And it shows: manufacturing is now the second-most targeted industry for cyberattacks, with the largest average ransomware payout. The costs of an attack also extend beyond a potential ransomware payout; organizations face the possible theft and exposure of sensitive data and intellectual property, as well as production downtime that cripples production capacity and directly impacts revenue, at an average cost of $100,000 per hour.
How are these attacks happening? Unfortunately, third-party partners are the most common entry point attackers use, with 63% of breaches attributed to third parties. These third parties and contractors are granted access to industrial control systems to provide timely support and ongoing maintenance, leaving unsecured manufacturing networks susceptible to attackers. The proliferation of IIoT and industrial remote access to manufacturing devices also provides hackers with potential entryways into unprotected manufacturing systems.
Industrial remote access for third parties is often handled locally on a site-by-site basis with a variety of solutions (often whatever is easiest), such as unsecured desktop sharing tools and unmonitored VPNs. While these solutions facilitate remote access, they often do so at the expense of cybersecurity, leaving manufacturing organizations without the centralized oversight, visibility and control they need over their third parties' access across their global sites.
With cyberattacks on manufacturing plants and industrial machines on the rise, you cannot ignore the cybersecurity risks associated with your third parties and supply chain. And considering the increasing costs associated with these attacks, you cannot afford to neglect fully securing any remote access to your industrial environment.
More third-party vendors are accessing manufacturing devices, applications, and systems to optimize productivity. But this interconnectivity can come at a cost if not properly secured. Learn more about the cost of a manufacturing cyberattack and how to proactively protect your company from the fallout of a data breach in your supply chain.
Detailed audit and reporting | Capture all third-party session activity with HD video and keystroke logs, files transferred, commands entered, services accessed, and work completed |
Multi-factor authentication tied to individual accounts | Ensure approved third-party access with individual accounts for each user, layered with multi-factor authentication |
Native credential vault or integration with your PAM | Store credentials securely and inject them directly into a session, ensuring third parties have zero visibility and access to network or application credentials |
Access controls | Define allowed access down to the host and port level with access timeframes, and assign it granularly to each user, ensuring least-privilege access to industrial machines for all users |
Built-in best practice security checklist | Use the built-in checklist to verify your SecureLink server is configured to satisfy security best practices, as well as any relevant security standards, such as NIST, ISO-2700, or PCI |
Access and approval workflows | Delegate access approvals to local staff or plant managers who are on-site at each location |
Self-registration | Allow third parties to register for their own user account, and send the approval request directly to the plant manager without needing central IT involvement |
Universal access methods | Allow vendors to use their own native tools in providing support |
Single source for all reporting and documentation | View all vendors, activity, and access for all plants and locations via a central source |