Tis the Season for Cyber Crime: The Importance of Cybersecurity in Industry 4.0

Cyber 400

December 19, 2018

A scene we see all too often. A busy coffee shop full of patrons sipping their favourite hot beverage, with the glow of laptops and iPads eagerly using up the available free Wi-Fi. Little do they know, this ubiquitous activity can open the door for cyber criminals to steal identities, data and attack any networks they are connected to.

We have become accustomed to the availability of free Wi-Fi at these establishments, so much so that we often click to accept the terms of free internet, without heeding the dangers of using public networks. One such example occurred recently (described in an article by ZDNet – see link below for the full article) when a corporate laptop being used in a coffee shop was enough to allow a sophisticated cybercrime group to compromise an organization’s entire infrastructure.

The incident began when an employee of the manufacturer took their laptop to a coffee shop and used it to visit the website of one of the firm’s partners. The security researchers said the user visited the site after being directed there by a phishing email — and that the site had been compromised by FakeUpdates, a malware and social engineering campaign affecting thousands of Joomla and WordPress sites. The malware shows users pop-ups which claim their browser software needs updating. In this instance, the laptop was then infected with the Dridex banking trojan and the PowerShell Empire post-exploit toolset.

The security software being used by the manufacturer (the vender was not named) relied on devices being inside the corporate network to pick up threats. As the laptop was being used outside the network, this incident didn’t become apparent until the laptop was back in the office — by which time it was too late. The infected laptop then served as an entry point for the attackers to compromise the entire corporate network, allowing attackers to access dozens of systems that could be compromised by taking advantage of the user’s permissions.

How many of us have simply clicked ‘ok’ when a pop-up tells us an update is available?

The coffee shop example is just one instance of how an innocent act can have big consequences, without the proper precautions and systems in place. How employees use technology is an important factor in ensuring their employer’s cybersecurity.

Critical Issues Affecting Manufacturers

An alarming percentage of small and medium-sized Canadian businesses experienced cyber incidents last year (22% of manufacturers world-wide), averaging 22 to 24 hours in downtime. The average cost of a cyber breach in Canada was $6.11 million during that same period. Overall, 48% of manufacturers have suffered from cyber-attacks, with 24% sustaining financial and other business losses.

Cyber incursions continue to grow in frequency and severity. Cyber threats have been identified as one of the most critical issues in the next 5 years, yet according to our friends at Ernst & Young, 58% of Canadian firms still say information security has little or no influence on their business strategy or plans.

Direct attacks notwithstanding, for many businesses it appears careless or uninformed employees are often the culprit for a cyber incursion.

Perhaps the most startling statistic, is 91% of respondents in the EY survey said discovery of a breach that impacted the organization would be the catalyst for increasing their cybersecurity. Waiting until after-the-fact is a complacency that industry simply cannot afford. Only 16% of Boards have sufficient information security knowledge to fully evaluate, with only 13% saying they are excellent at crisis management.

The industrial cybersecurity market is expected to grow by $10 billion through 2023. Measured by sector, manufacturing and energy are the top two critical industries targeted for cyber intrusions. More than half of manufacturers have suffered from cyber-attacks, with a quarter experiencing significant financial and business losses. It’s not just a big company problem, either. 58% of malware attack victims are categorized as small businesses.

With the acceleration of advanced manufacturing automation and robotics, machine learning/AI, blockchain and IIoT, cybersecurity is an important element to protecting your business during the fourth industrial revolution.EMC 175

Best Practices

During a ‘Cybersecurity for Manufacturers’ webinar hosted by Excellence in Manufacturing Consortium (EMC) earlier this month, Scott Mossbrooks, from EMC’s Cybersecurity Team at N-Dimension recommended the following best practices for our members to check on:

  • Educate Staff
  • Inventory All Assets
  • Implementing Access Controls
  • Have a Bring Your Own Device (BYOD) Policy
  • Know Where Data is Stored
  • Maintain, Validate, Test Back-ups
  • Employing services such as Cybersecurity Monitoring and Vulnerability Assessment Scans

Source:

https://www.emccanada.org/newsroom/tis-the-season-for-cyber-crime

https://www.zdnet.com/article/how-one-hacked-laptop-led-to-an-entire-network-being-compromised/

Related Articles


Changing Scene


Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.


ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More


Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More


Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More


JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More


Latest Articles

  • Implementing Functional Safety Requirements

    Implementing Functional Safety Requirements

    The Safety Functional Requirements Specification (SFRS; sometimes referred to as SRS or Safety Requirements Specification) is the plan for the safety controls on a machine and is the second step of the safety lifecycle. The SFRS document serves as a framework for the safety control system design, is informed by prior work done in the… Read More…

  • From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    Endress+Hauser’s Asset Health Monitoring Solution–Rockwell Edition, now available for installation, provides operators with a centralized, digital overview of plant-wide device health to avoid unscheduled shutdowns and accelerate troubleshooting. It not only presents early visibility of problematic devices but distinguishes itself by adding likely causes and remedies to such a report so problems can be fixed… Read More…