Insider Threats: Manufacturing's Silent Scourge

Posted By: Tom Morrison Community

The average cost per company for this cybersecurity issue? $8.86 million annually.

Like many industries, manufacturing is becoming more digitized and automated, with companies consistently creating new technology to stay one step ahead of competitors. This type of innovation can reap many rewards, but also comes with inherent risks—from major impacts to the bottom line to employees accidentally or maliciously leaking coveted information.

Manufacturing is among the five industries with the highest percentages of insider threat incidents and privilege misuse, according to the Insider Threat Report recently published by Verizon. The average cost of insider threats is $8.86 million annually for a single manufacturing organization with more than 1,000 employees.

The Insider Threat Risk

Insiders—whether they are employees working on the shop floor or in the corner office, users with security clearance, or third-party partners—require access to critical applications, systems, and data to do their jobs effectively. While necessary, this access presents a major risk to sensitive company information.

So, how can security teams at manufacturing organizations identify and stop risky insiders?

  1. Implement Training to Thwart Inadvertent Threats

It’s imperative that manufacturing executives implement regular training on cybersecurity policies so employees understand the risks and repercussions of negligence. Training should cover what cybersecurity policies are in place, why they are important, what procedures employees must follow to adhere to them, how compliance is monitored and captured, and what happens when policies are breached.

The average number of security incidents involving employee or contractor negligence has increased by 26% since 2016, according to the Ponemon Institute, an independent research agency focused on data protection and emerging information technologies. More often than not, data leakage occurs when an employee inadvertently shares sensitive data—accidentally clicking on an email, using third-party storage sites to manage files, etc.

Just last year, UpGuard Cyber Risk found sensitive documents from more than 100 manufacturing companies (including Ford, Tesla, GM, and Fiat Chrysler) on a publicly accessible server, meaning anyone with an internet connection could find detailed company information. This is a prime example of an in-house problem, where an oversight in file protection led to major leakage. 

  2. Be Aware of Third-Party Contractors

Consultants and other third-party vendors are often overlooked when it comes to managing insider risk. While not a part of the core employee base, these people need a wide variety of access, which is often given without a second thought or cybersecurity training. Because they likely aren’t familiar with the organization’s cybersecurity policies and procedures, they can easily open the door to widespread vulnerabilities. Therefore, it’s important for organizations to see contractors as a part of the larger organization when evaluating and managing risk, and offer comprehensive security training to them as well.  

  3. Educate Your Workforce on the Risks of Workarounds

Time is money in the fast-paced working environment, and if slow-moving platforms or policies are hindering employees’ ability to complete their work in a timely manner, they will find workarounds. This includes forwarding confidential data to personal emails to get around various email limitations, using public WiFi networks to access information on the go, and sharing files via online tools (such as Dropbox, WeTransfer, etc.). To avoid these shadow-IT and bring-your-own-device (BYOD) issues, listen to what your employees’ preferences are and work with them to create policies that protect the company and that give users the ability to do their jobs effectively and efficiently. One such policy is related to USB use—it’s difficult to ban all use of USBs in an organization, so some companies have embraced them, but only company-approved USBs can be utilized and they are carefully monitored.

  4. Recognize the Warning Signs of Malicious Employee Activity

Finally, anyone inside the organization could be exploiting their access to exfiltrate data from the company. It’s important to understand the warning signs – including excessive use of flash drives, access to systems during unusual hours without explanation, escalation of privileges to databases, granting broad privileges to another user without authorization, and even unusually large print jobs – that often lead to nefarious employee activity. Outside-the-box employee activities like requesting secure documents and working unusual hours should raise red flags, as they can be an indication that users are intentionally subverting systems in order to collect sensitive information.

While this type of malicious hacking may seem farfetched, it’s more common than you might think. Last year, Tesla announced that a former employee tweaked code on internal products and sent company data out without authorization. It is likely the employee changed the file name to avoid detection. Had Tesla had a user and data activity monitoring tool in place, it could have triggered an alert if an employee tried to exfiltrate data via a USB, a large print job, or an upload to cloud storage, or changed a file name.
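The warning signs listed above can be written as simple rules over user-activity logs. The following is an added example, not code from the article or from any monitoring product; the event schema, field names, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import Counter
from datetime import datetime

# Thresholds are assumptions for illustration; tune them to your own baseline.
WORK_HOURS = range(7, 19)          # 07:00-18:59 local time
MAX_USB_WRITES_PER_DAY = 20
MAX_PRINT_PAGES = 200

# Constructed sample events (hypothetical schema, not from any real product).
EVENTS = [
    {"ts": "2019-03-04T10:15:00", "user": "alice", "action": "print", "pages": 12},
    {"ts": "2019-03-04T23:40:00", "user": "bob", "action": "login", "host": "plm-db01"},
    {"ts": "2019-03-04T23:42:00", "user": "bob", "action": "rename",
     "src": "cad_specs.zip", "dst": "photos.zip"},
    {"ts": "2019-03-04T23:45:00", "user": "bob", "action": "cloud_upload", "file": "photos.zip"},
    {"ts": "2019-03-05T09:00:00", "user": "carol", "action": "grant",
     "target": "dave", "role": "db_admin", "ticket": None},
    {"ts": "2019-03-05T11:30:00", "user": "erin", "action": "print", "pages": 640},
] + [{"ts": f"2019-03-05T14:{m:02d}:00", "user": "frank", "action": "usb_write",
      "file": f"drawing_{m}.dwg"} for m in range(25)]

def detect(events):
    """Return a sorted list of (user, reason) alerts for the warning signs above."""
    alerts, usb, renamed = set(), Counter(), {}
    for e in sorted(events, key=lambda e: e["ts"]):
        ts, user, action = datetime.fromisoformat(e["ts"]), e["user"], e["action"]
        if action == "login" and ts.hour not in WORK_HOURS:
            alerts.add((user, "off_hours_access"))
        elif action == "usb_write":
            usb[(user, ts.date())] += 1          # count writes per user per day
            if usb[(user, ts.date())] > MAX_USB_WRITES_PER_DAY:
                alerts.add((user, "excessive_usb"))
        elif action == "print" and e["pages"] > MAX_PRINT_PAGES:
            alerts.add((user, "large_print_job"))
        elif action == "grant" and not e.get("ticket"):
            # A privilege grant with no approval ticket is treated as unauthorized.
            alerts.add((user, "unauthorized_privilege_grant"))
        elif action == "rename":
            renamed[(user, e["dst"])] = e["src"]  # remember the original name
        # A file that was renamed and then leaves via USB or cloud is flagged.
        if action in ("usb_write", "cloud_upload") and (user, e.get("file")) in renamed:
            alerts.add((user, "renamed_file_left_network"))
    return sorted(alerts)

if __name__ == "__main__":
    for user, reason in detect(EVENTS):
        print(f"ALERT {user}: {reason}")
```

Rules like these only flag candidates for review; an off-hours login or a large print job can have a legitimate explanation, which is why the article pairs the signs with "without explanation" and "without authorization."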

There are other ways for someone without a monitoring tool to get visibility into user and data activity. Assuming the activity takes place over a long period of time, one approach is to enforce job rotation among those with the most critical access to intellectual property, to provide accountability.

With current and former employees having access to a multitude of confidential information, it has never been more crucial to build company-wide protocols and procedures that provide full visibility and context into user actions and data movement.

 

Written by: Mike McKee, CEO of ObserveIT, an insider threat software company, for Industry Week.