
Building Resiliency: Three Core Actions To Create Stronger Cybersecurity

BY Ray Texter

April 12, 2023 | 6 MINS READ


This article is contributed by Ray Texter, Chief of Information Security at Texas United Management, and a customer of eSentire MDR.

Cybersecurity threats are front and center in mining as operations become increasingly dependent on technology and digitization. How can the industry fight off what it can’t see?

Security leaders in the manufacturing sector are tasked with being proactive and maintaining the highest level of visibility and control to balance security and functionality and align with business objectives. Yet partnerships with third parties (contractors) are the backbone of the entire industry – we all work together to deliver “the goods” to the end customer.

When a third party is introduced, organizations are placed in more of a reactive position: relying on the supplier for security posture, policies, etc., we start to lose control of our systems. Additionally, manufacturers often operate as a distributed workforce spread across various projects, work sites and often countries, increasing the odds of a security breach.

In particular, the industry is increasingly the target of ransomware attacks that lead to costly project delays and expose proprietary information shared across joint venture partnerships, consortiums and sub-contractors. Successful attacks unfold in mere hours from initial access to data exfiltration and ransomware deployment, making the time to detect and time to contain critical factors in building an effective cybersecurity program.

Unless you’re prepared to defend against ransomware, these attacks result in your organization being locked out of critical systems and applications for days and weeks. In many cases, the resulting downtime can cost organizations hundreds of thousands and even millions of dollars daily.

These attacks are, unfortunately, not uncommon. Using just one well-known cybercriminal group as an example, two affiliates of the Conti Ransomware Group – one of the longest-running and most lethal ransomware groups today – claimed that they had compromised 81 victim organizations between the end of February and mid-July 2022. Victims included a parts manufacturer and a supplier of components to military organizations, aerospace companies, and auto manufacturers.

As cyber criminals evolve, these attacks offer threat actors increasingly stealthy, scalable and privileged access to any organization’s on-premises, cloud or hybrid environment. These groups dupe victims with clever phishing emails and drive-by downloads from infected websites. They combine a recipe of malware, including credential harvesting, backdoor and remote access tools, data collection, ransomware and even data wipers to cripple businesses.

But while we may never be able to eradicate cybercriminals’ actions, we can become more resilient. Companies like Texas United Management (TUM) operate 24 hours a day, seven days a week, across three full rotating shifts, and are in constant M&A mode. With multiple locations, lateral movement of a cyberattack can happen swiftly, making it more difficult to mitigate the risk.

Throughout my career and at TUM, we’ve identified three core areas critical to our protection and resiliency.

1. Find the right cybersecurity partner

Even with years of cybersecurity planning experience, I knew there was no way I could keep our company’s operations and information safe on my own. Outsourcing security operations to a partner who can manage, detect and respond to threats and anomalies can drastically improve an organization’s security posture and cyber resiliency, especially when considering challenges such as the cybersecurity skills gap and growing data problems (remote users, cloud, etc.), all compounded by the rapidly evolving threat landscape.

But finding a long-term partner that is a good fit for your business takes some deep level shopping techniques. We have been working with eSentire for a few years now and enjoy a powerful relationship. My tips on what to look for in a partner:

2. Have a strong incident response plan

To survive any “disaster,” a team must be prepared, practiced and poised. This can only happen if your Incident Response (IR) plan is written in precise, clear language detailing step-by-step actions and assignments. Having a ‘ready for anything’ mentality, accounting for the unknown, minimizes the impact on the business. Secondly, drill your team. Hold mock exercises to physically practice responding to a cyberattack. Muscle memory could mean the difference between quick, decisive action during a crisis and a “deer in the headlights” response. And even if your IR plan is 80% ready for most situations, you should lean on your cybersecurity partner to pick up the slack.

Resilience is defined as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks or compromises on systems that use or are enabled by cyber resources.” While a good IR plan anticipates issues, adaptation (conducting post-mortem analyses to identify lessons learned and make appropriate people, process and technology changes) and evolution (today’s solutions may not solve tomorrow’s problems, so constantly challenging our way of thinking and evaluating whether we’re solving or prioritizing the right problems the right way) are particularly critical parts of the package.

3. Segmentation of networks

Segmentation of networks – putting barriers between an organization’s operational and enterprise networks – has become a fundamental industry best practice, especially in today’s distributed workforce. Network segmentation allows network administrators to control the flow of traffic between subnets, improving monitoring, boosting performance, localizing technical issues, and – most importantly – enhancing security. Segmentation strategies such as guest-only networks and strict access rules for user groups help to manage specific user permissions for data access. For example, you can allow users to access the network resources they need to carry out their duties but restrict access to mission-critical systems or sensitive data.

In conclusion, while we may never be able to eradicate cyberattacks and the bad actors who perpetrate them, there are core things we as security professionals can do to shore up our protections and mitigate risk. Segmenting networks and having a strong, well-practiced IR plan in place are two cornerstones of a strong security posture. Perhaps most importantly, we need to embrace finding a like-minded, well-respected security partner that will be our “ride or die” when the attacks do occur, and who understands the business objectives and growth projections.

Originally posted on northamericanmining.com

Ray Texter, Chief of Information Security | Texas United Management

Ray Texter is the Chief of Information Security at Texas United Management, a mining & metals company that offers brine commercial production services. In the past five years, his accomplishments include establishing a cybersecurity program for Texas United Management Corporation in addition to a critical system that supports Operations Technology. Ray has provided consulting services and developed blueprints and roadmaps to ensure alignment with IT transformation efforts. He is an adept leader with 25+ years of professional experience in improving business efficiencies and acting as a catalyst for change.
