When looking at industrial cybersecurity, more attention is being paid to how workers are logging in to access critical machinery, software or data. And according to Trustwave Threat Intelligence’s recent Manufacturing Threat Landscape report, 45 percent of attacks experienced by manufacturers stemmed from the bad guys accessing credentials.
Whether by utilizing brute-force tactics, submitting fake support tickets, or purchasing logins on the Dark Web, this seems to prove that hackers would much rather log in than break in.
The report also cited the rise of Initial Access Brokers, or groups that focus specifically on obtaining and selling log-in data to other hackers. One example cited by Trustwave saw an IAB offering access to a leading steel manufacturer for just over $60,000. Unfortunately, this is not a unique circumstance, which is why we're talking to David Cottingham, president of rf IDEAS to weigh in on the ongoing challenges surrounding secure access throughout the OT environment.
Watch/listen as we discuss:
- The importance of simplifying security processes to keep people engaged with them.
- Why no manufacturer is too small to be a target for credential-based attacks.
- Overcoming the bad behaviors that can result from operations personnel dealing with over 25 passwords.
- Avoiding punitive actions surrounding people-based security vulnerabilities.
- Why dual factor authentication strategies are key to ongoing security developments.
- Best practices for mobile device use.
- How VPNs, firewalls and password wallets are simultaneously solutions and vulnerabilities.
To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].
To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.
