Cyber-attacks on manufacturing companies are on the rise as attackers attempt to steal valuable intellectual property and information.
Cyber Threats to the Manufacturing Industry
Manufacturing includes automotive, electronics, textile, and pharmaceutical companies. Automotive manufacturers were the top targeted manufacturing sub-industry, accounting for almost 30% of the total attacks against the manufacturing industry in 2015. Chemical manufacturers were the second-most targeted sub-industry in 2015, according to IBM X-Force Research.
Manufacturers depend on availability and reliability – machinery must be available to operate, and trusted to deliver. An undetected cyber attack could undermine the production process and cause substantial damage to finances and reputation. Insider threat poses a significant problem too – insiders could be well-placed to access critical systems to deliberately disrupt vital services, but also inadvertent mistakes could allow cyber-attackers to access operational technologies by using the corporate network as a through route. Manufacturing executives are increasingly aware of the greater risk of cyber-attack, and are taking steps to improve on existing security practises.
Security experts estimate that corporate espionage and theft of trade secrets robs up to $400 billion dollars a year from the U.S. economy. But others point out that many incidents go undetected or unreported, raising some estimates to as much as a trillion dollars a year. Everyone agrees that the trend is on the rise.
99.8% of all Cyber-attacks that have lead to a successful data exfiltration have used Privileged Accounts in the KillChain.
Many compliance standards like ISO27001 which is used as a framework for many others, cover areas such as Access Control and Supplier Relationships, which Osirium can help address.
Osirium focuses on Access control of Privilege Users and Accounts to separate people from passwords. We provide an operational model through separation of Identity In, Role Out based on least privilege. By this we mean that we use profiles to map the identity of a user to the role that they should have on a system, device or application.