industry
UNLOCKED can damage business relationships and cause a loss of revenue. sector, threatening manufacturers with disruptions to production and supply chains.
With such large and interconnected networks, manufacturers can’ t prevent every attack. CISOs set themselves an unrealistic goal by trying to prevent all attacks. Instead, the key is to protect service availability by mitigating the impact of cyberattacks.
The best way for CISOs to minimise a cyberattack’ s impact is through a breach containment strategy. This stops threats before they hit critical systems without blocking authorised employees from doing their day-to-day job.
CISOs should identify the minimum viable level of operation needed to maintain production. By controlling how systems communicate, an attack can be contained and production secured. Once critical systems have been identified, the next key step is controlling which users have access to them.
A breach containment strategy aligns with the Zero Trust model, which operates on the principle of least-privilege access, making it easier to isolate and mitigate threats. This means technologies such as Zero Trust Segmentation( ZTS) are effective in breach containment.
ZTS divides the network into isolated segments, with tailored security controls applied to protect each individual segment. When segmenting networks, manufacturers must identify the systems that pose the biggest risk or are too important to fail and apply extra controls. This ensures that when a breach does happen, critical assets are safe.
The best way an organisation can protect against advanced attacks facing the sector lies with a layered security strategy. This starts with security awareness training for end-users. Employees are a key line of defence and need to be able to identify the hallmarks of an email attack, such as urgent requests for sensitive information, poor spelling and grammar, or malicious links.
Organisations must prioritise training sessions that cover the mechanics of email attacks and the importance of vigilance. Simulated phishing exercises can be particularly effective to provide practical experience in identifying and responding to deceptive emails. It’ s also critical to have clear processes in place that ensure users actively report suspicious emails.
With Generative-AI making social engineering attacks more sophisticated and harder to detect, the increased threats facing manufacturing means that employee awareness alone is insufficient, and additional technology-based email security tools are vital. However, traditional security solutions like secure email gateways, which rely on static and known-bad indicators of compromise, are no longer enough.
Instead, manufacturers should consider cloudnative security platforms that incorporate AI-driven
Mike Britton, CIO, Abnormal Security
Unlike the static approach of traditional perimeterbased security tools like network firewalls, ZTS provides dynamic and scalable security, making it easier and quicker to deploy microsegmentation across the hybrid attack surface.
Mike Britton, CIO, Abnormal Security
The manufacturing sector is vulnerable to sophisticated cyberthreats, with cybercriminals focusing their efforts on exploiting supply chains and critical systems. Email continues to be one of the primary ways that attackers target this sector – In 2024, manufacturers faced a 79 % weekly risk of vendor email compromise( VEC), where attackers exploited weak points in vendor communications. Ransomware remains a significant threat, with 65 % of all industrial ransomware incidents targeting the
WWW. INTELLIGENTCISO. COM 45