Industry TalkRegular Industry Development Updates, Opinions and Talking Points relating to Manufacturing, the Supply Chain and Logistics.
What can we learn from the Kaseya ransomware attack?
The scale and details of the Kaseya ransomware attack are still unknown, but one thing is certain — the virus has spread to hundreds of Kaseya customers and will impact the functionality of millions of PCs, compromising the safety and integrity of terabytes of data.
Among the victims are more than 500 Swedish COOP supermarkets, forced to close their premises because of the consequences of the attack, which impacted a tool used to remotely update checkout tills and thus prevented stores from taking payments.
One of the reasons for the disastrous consequences of this attack is its spreading mechanism. Similarly to WannaCry, the 2017 ransomware that compromised, among others, the IT systems of the British National Health Service (NHS), the Kaseya attack spread in an automated, capillary way, reaching service providers and their end users. This means that hundreds of thousands of users can be infected almost instantly and with no human intervention.
While any cyberattack impacts business continuity, ransomware are particularly pernicious for their ability to access sensitive information contained in customer databases, resource planning software and email. The risk is not only that business operations will be disrupted, but that confidential information such as banking details or intellectual property might enter the public domain, with serious legal repercussions on the victims.
The risks in manufacturing
For manufacturers, the rise in ransomware attacks is particularly worrying. With the implementation of Industry 4.0 technologies, every machine connected to the IoT represents a potential entry point for hackers. At the same time, the sector lags behind in cybersecurity, since security compliance standards, such as those introduced in financial services and healthcare, have not become mandatory or even commonplace in manufacturing.
This combination of factors means that ransomware is a very real threat to manufacturing businesses. There are several steps that organisations can take to protect themselves, from installing a robust ransomware detection tool, to regularly backing up data and encrypting sensitive information, but what can be done if an attack happens anyway?
The first thing to do is to confirm which communication channels are available and safe to use, since the attackers might have compromised emails or other platforms. Secondly, stakeholders should be informed of the attack — this is a critical phase that might benefit from the intervention of a PR or reputation management specialist. Remember that you have a legal obligation to inform those whose data have been impacted, and that this should be done as soon as possible and hopefully before sensitive information is leaked.
All affected systems should be disconnected, but not powered off. This allows cybersecurity specialists to gather relevant data for forensic analysis, which might help identify the details of the ransomware that infected the system and the decryption key. Other helpful clues can also be gathered from the ransom note.
Once the source of the attack has been isolated and the potential vulnerabilities have been patched, it’s possible to start restoring systems from backup data. From this moment on, it’s important to perform regular penetration tests to ensure that previous vulnerabilities have been properly addressed. It’s also critical to regularly back up data and keep at least one copy of the backups offline.
The rise in ransomware attacks should not discourage manufacturers from digitalising their premises. With the right contingency plan in place, companies can take advantage of the latest automation tools while keeping their operations safe. For more information on cybersecurity for manufacturing professionals, head to our EU Automation’s online Knowledge Hub.