{"id":3244,"date":"2024-08-28T18:54:07","date_gmt":"2024-08-28T18:54:07","guid":{"rendered":"https:\/\/softwaredefinedautomation.io\/?p=3244"},"modified":"2024-08-28T18:54:07","modified_gmt":"2024-08-28T18:54:07","slug":"manufacturing-needs-a-stronger-lock-on-the-ot-front-door","status":"publish","type":"post","link":"https:\/\/www.softwaredefinedautomation.io\/sda-old\/resources\/blog\/2024\/08\/28\/manufacturing-needs-a-stronger-lock-on-the-ot-front-door\/","title":{"rendered":"Manufacturing Needs a Stronger Lock on the OT Front Door"},"content":{"rendered":"

I previously wrote on the growth of ransomware attacks in manufacturing and how cyber attackers are aggressively going after operational technology (OT) environments for profit through a variety of means\u2014including phishing, malicious email, exploited vulnerabilities, downloads, and brute force attacks\u2014to <\/span>exploit vulnerabilities in backup systems<\/span><\/a>. But some attackers stroll right through the front door\u2014simply by logging into authorized accounts. How can they do this? By using identity-based attacks and social engineering to obtain legitimate user credentials. These approaches encompass a variety of techniques, but the main difference is that identity-based attacks use systems to access or crack passwords, while social engineering approaches, including phishing, are designed to get the users themselves to divulge their login info. Either way, it\u2019s a big problem.<\/span><\/p>\n

Identity-based infiltration is on the rise<\/h3>\n

It\u2019s happened to all of us: You receive a letter from some company you\u2019ve done business with at some point stating that they had a data breach and your personal information may have been compromised. When this happens, your login credentials could end up available for sale on the dark web, so the company offers you 12 months of free credit monitoring. If it feels like you\u2019re getting more of these notices lately, it\u2019s not just you.\u00a0<\/span><\/p>\n

According to IBM\u2019s <\/span>2024 X-Force Threat Intelligence Index<\/span><\/a>, there was a 71% increase year over year in the volume of attacks using valid credentials\u2014and for the first time ever, \u201cabusing valid accounts became cybercriminals\u2019 most common entry point into victim environments.\u201d Furthermore, manufacturing was the top-attacked industry for the third year in a row, representing more than one-quarter (25.7%) of all incidents in the top 10 most-attacked industries, and the use of valid accounts represented 41% of incidents in North America.<\/span><\/p>\n

\"\"<\/span><\/p>\n

The reason for this rise isn\u2019t hard to grasp. After all, why hack in when you can simply log in? It\u2019s easier to harvest user names and passwords than to write and execute new exploits. Manufacturing organizations need to implement stronger controls to make identity-based intrusions <\/span>much<\/span><\/i> harder.\u00a0<\/span><\/p>\n

Training is critical to enable users to recognize social engineering attempts so they don\u2019t fall prey to them. But training is not enough. You need to fortify your authentication controls with phishing-resistant systems and protocols\u2014and you need to extend those controls across the entire OT environment, including all of your legacy systems.\u00a0<\/span><\/p>\n

Authentication plays a critical role in a robust zero-trust identity and access management strategy. There are three areas in particular to focus on to improve the security and protection of your critical OT systems: multi-factor authentication (MFA), single sign-on (SSO), and role-based access control (RBAC).<\/span><\/p>\n

Layer up your authentication defenses with MFA<\/h3>\n

A password is one form of authentication. It\u2019s something the user <\/span>knows<\/span><\/i>. But if a hacker also knows the password, it\u2019s easy for them to get in. MFA adds an additional level of protection by also requiring something the user <\/span>has<\/span><\/i>, which the hacker does not have easy access to. Typically, this additional form of verification is sent to email, text, or an authenticator app.\u00a0<\/span><\/p>\n

Streamline logins\u2014securely\u2014with SSO<\/h3>\n

Your users work with multiple systems. When they need different credentials to log into each one, it doesn\u2019t just create so-called password fatigue, it increases the chances that they\u2019ll pick easy-to-remember (and easier-to-crack) passwords, or that they\u2019ll write down all their different credential combinations, which is a security risk. SSO allows users to securely log into multiple applications using one set of credentials. Companies use SSO to centralize authentication and improve security by enforcing strong access and security policies. With SSO, you provision a user the day they start at the company, giving them access to all the accounts they need with one set of credentials. And then when they leave the company, you can deprovision them from all systems in one action from a single point. SSO enables you to streamline identity management, centralize access control and monitoring, and decrease your attack surface\u2014all of which strengthen your overall security posture.<\/span><\/p>\n

Easily provide as-needed access with RBAC<\/h3>\n

RBAC enables you to restrict access to a system based on a user\u2019s role, rather than having to assign and manage permissions on an individual basis. RBAC doesn\u2019t prevent you providing individualized access when needed, but it streamlines the overall permissioning process while still ensuring that people have access to the applications they need to perform their jobs. A subset of role-based access control is time-based access control, which grants access for limited period of time and self-expires. You might use time-based access control with a vendor who needs to access a project or programmable logic controller (PLC)\u2014or even a set of projects or PLCs\u2014just until next Friday, for example.<\/p>\n

Software Defined Automation supports strong authentication controls<\/h3>\n

MFA:<\/strong> SDA strongly recommends that users and companies implement MFA for all SaaS and enterprise applications whenever possible. Our products use MFA with authentication apps using QR codes. We support many of the popular authenticator apps (TOTP-compliant applications), including Google Authenticator, Microsoft Authenticator, Twilio Authy Authenticator, Duo Mobile, and Symantec VIP. MFA is enabled through the User Profile menu and can be used for login, as well as optionally for additional critical actions within the system such as to start Browser-based Engineering<\/a>, approve deployment requests, and execute deployments.<\/p>\n

SSO:<\/strong> SDA\u2019s Enterprise offering supports a wide range of SSO providers.<\/p>\n