Manufacturers embrace the benefits of cloud apps – and new security risks.  

Until recently, manufacturing lagged behind other industries in embracing a cloud-first philosophy. But a new report shows that the manufacturing sector is now closing that gap when it comes to adoption of cloud applications. Findings from the Netskope Threat Labs Report for Manufacturing show that from June 2022 to May 2023, the number of manufacturing users uploading to cloud apps increased by 27 percent to 58 percent, and a whopping 94 percent of manufacturing users downloaded from the cloud. Over the same period, the number of different applications each manufacturing user interacted with also increased (from 13 to 20).

Microsoft OneDrive proved to be the most popular app overall, used by 43 percent of manufacturing workers on an average day. Google’s suite of applications was also more popular among manufacturing organizations than in other industries—especially Google Meet for online video calls and conferencing.

But while cloud applications are clearly helping manufacturers improve productivity and enable a growing demand for hybrid workforces, this report also reveals that these cloud-based tools are simultaneously introducing new risk exposures to sophisticated threats like malware and ransomware. To take it a step further, the findings point to a more precise and actionable issue – that the existing defenses in manufacturing environments needed to counter these kinds of persistent cyberattacks appear to be insufficient.

Cloud app adoption brings new challenges for manufacturers
Netskope’s Threat Labs Report shows that greater overall use of cloud apps in manufacturing has also increased the instances of application abuse – as seen by the sharp rise in the number of attacks exploiting cloud applications. Malware delivered to manufacturers via tools like OneDrive, Sharepoint, and GitHub increased from 32 percent to 66 percent over the 12-month review period. Cloud applications allow attackers to evade old-fashioned security controls that still rely primarily on domain block lists and URL filtering. These old-fashioned security controls often simply do not inspect cloud traffic at all.

The most common types of malware detected in manufacturing over the reporting period were Trojans, which attackers use to gain an initial foothold and then deliver other types of malware (e.g., infostealers, Remote Access Trojans, backdoors, ransomware). The second most common type of malware detected were file-based exploits, which include documents used to exploit known vulnerabilities. Downloaders are another common tool used by malicious actors. Similar to Trojans, downloaders are used to deliver other types of malware once they make it inside a manufacturing network.

Why a zero trust approach is the way to go
Why are these threats causing particular problems for the manufacturing sector? It comes down to a matter of trust. Traditional operational technology (OT) systems used in manufacturing were typically designed to implicitly trust everything within their environments because they were safely ‘air-gapped’ from information technology (IT) and other outside risks. In short, OT-based systems were kept secure through isolation. However, increasing convergence between IT and OT systems – including via cloud apps – means that manufacturers must now reevaluate how they protect their people, data, and operations from theft and disruption.

Organizations need to embrace a cybersecurity strategy that continuously adapts and controls the level of trust given to users and applications based on ever-changing sets of contextual factors. This is essentially what a zero trust approach offers. Zero trust principles address the risks presented by OT/IT convergence and direct-to-cloud access by: 1) removing implicit trust at the access level; 2) enforcing policy-based controls based on the least amount of privilege required; and 3) continuously monitoring in support of ongoing policy refinements.

How a SASE architecture can underpin a zero trust strategy
So how can manufacturers take zero trust from principle into practice within their security programs? Secure access service edge (SASE) is the technical architecture that offers the critical benefits of a zero trust approach – enabling fast and reliable network performance while securing transactions wherever users and data go.

A SASE architecture unifies networking and security services, which allows it to protect users, applications, and data wherever they exist across the organization – even cloud-based resources and remote users. SASE can provide this kind of anywhere/anytime secure access because delivering protection at the network edge doesn’t incur performance penalties from backhauling traffic to a centralized datacenter for inspection and policy enforcement.

Organizations should look for a cloud-native, fully converged, single-vendor SASE solution that combines capabilities like Firewall-as-a-Service (FWaaS), secure web gateway (SWG), cloud access security broker (CASB), and zero trust network access (ZTNA). It should also include Borderless WAN for secure, reliable connectivity from every site, cloud, remote user, system, or device across the extended manufacturing environment.

A fully featured SASE solution should also provide security leaders with the following specific capabilities needed to protect manufacturing systems from sophisticated threats:

Inspection of all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network

Thorough inspection of high-risk file types (e.g., executables, archives) using a combination of static and dynamic analysis before download

Policies to block downloads from/uploads to apps and instances that are not used in your organization

An Intrusion Prevention System (IPS) that can identify and block malicious traffic patterns, such as command and control traffic associated with popular malware

Securing the future of manufacturing with SASE
As the manufacturing sector continues its cloud-first trajectory, these aren’t the only transformational changes happening within industrial environments. Adoption of an expanding number of industrial internet of things (IIoT) devices and new robotics technologies, as well as the rapid evolution of artificial intelligence and machine learning (AI/ML) capabilities are all driving major changes to manufacturing systems and processes. A SASE architecture anticipates all these changes on the near horizon.

In terms of benefits, a realized zero trust approach via SASE can help manufacturers reduce risk, increase business agility, and lower costs across all four stages of organizational transformation:

Network transformation: SASE includes advanced networking and access control capabilities to secure direct-to-cloud access for manufacturers – providing a fast and reliable networking experience for any user, device, or location

Security transformation: SASE can help define explicit trust parameters for data and threat protection with the ability to inspect web, Software-as-a-Service (SaaS), and Infrastructure-as-a-Service (IaaS) traffic. It can also validate the organization’s overall security posture

Application transformation: SASE can help manufacturing organizations establish contextual trust baselines for applications, users, devices, and systems to apply adaptive policy controls

Data transformation: SASE refines the trust posture for advanced data protection in-motion, in-use, and at-rest by using analytics to instantly detect suspicious data movement and behavioral anomalies among users.

www.netskope.com