Manufacturing
Nearly 70% of industrial organizations experience some form of cyberattack, targeting both IT and OT systems
Industry 4.0 has revolutionized manufacturing with automation, industrial IoT, and data analytics, and manufacturing has truly become a global supply chain that knows no geographic borders. However, as it has expanded, so has the cyber-attack surface. Critical manufacturers in particular need to protect both the trade secrets shared between their facilities and their global supply chain. Since 2021, the manufacturing sector has seen a 107% increase in cyber-attacks, largely driven by the adoption of Industry 4.0 innovations. These attacks are particularly concerning because they often lead to operational disruptions, with 1 in 4 manufacturing enterprises having to halt operations due to cyber incidents.
Merck & Co NotPetya Cyber Attack
In June 2017, Merck & Co. was hit by the NotPetya cyberattack, destructive malware that was initially aimed at Ukrainian targets but quickly spread globally, affecting numerous multinational corporations. NotPetya leveraged a vulnerability in Microsoft systems that lacked a necessary security patch, allowing the malware to propagate across networks and destroy data on over 40,000 computers at Merck. Unlike traditional ransomware, there was no way to recover the encrypted data, even if the ransom was paid.
Impact
- An estimated $1.4 billion in total losses.
- Disrupted Merck’s manufacturing processes, including the production of active pharmaceutical ingredients (APIs) and other critical operations.
- The production of Gardasil, one of Merck's key vaccines, was significantly affected.
- Merck had to borrow doses from the CDC’s stockpile to meet demand, highlighting the disruption's extent.
- The attack also resulted in a backlog that impacted sales and operational efficiency over the subsequent months.
Government Response/Regulation
- Cybersecurity Frameworks and Guidance: Following NotPetya, federal agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) issued updated guidelines for critical infrastructure companies, emphasizing the importance of timely patch management, enhanced network segmentation, and stronger defenses for IT and OT systems to limit malware spread.
- Emphasis on Supply Chain Security: The U.S. government and international partners highlighted the need for pharmaceutical companies and other critical manufacturers to develop robust contingency plans for cyber disruptions. The goal is to protect supply chains and maintain production continuity during cyber incidents.
Lessons Learned
- Importance of Timely Patch Management: Ensuring systems are up-to-date with security patches is critical to preventing malware from exploiting known vulnerabilities.
- Strong Network Segmentation: Dividing networks and systems into segments can limit the spread of malware and protect critical operations from wider disruptions.
- Preparedness for Supply Chain Impact: Companies need robust contingency plans for supply chain disruptions caused by cyberattacks, especially in critical industries like pharmaceuticals.
- Legal and Regulatory Preparedness: Understanding and ensuring compliance with cyber insurance policies is essential, as insurers may challenge coverage based on specific policy exclusions.
Source: Fierce Pharma; Risk & Insurance
The Invisinet Solution
- Zero Trust Approach: Limits access to critical systems to only pre-authorized users, reducing the chances of unauthorized actors gaining entry. This would include multi-factor authentication and strict user identity verification.
- Cloaking Key Systems: Invisinet’s cloaking technology hides key IT and OT systems (particularly SCADA) from attackers, making it harder for them to identify which assets to target.
- Maximize Your ZTNA Investments: Incorporating identity data within session packets enhances real-time network auditing and reduces false indicators of compromise. Additionally, Invisinet enhances your anomaly detection, making it smarter and more effective.
- Regulatory Assurance: Invisinet supports regulatory compliance by integrating real-time auditing features, ensuring that identity information is accurately monitored and reported within session packets. This not only helps meet evolving cybersecurity regulations but also mitigates non-compliance risks, all while delivering cost-effective and low-disruption solutions that align with operational needs.
- Seamless IT and OT Integration: Invisinet bridges IT and OT layers, providing end-to-end, low-latency protection within heterogeneous environments. This ensures that both domains are secured effectively without compromising speed or efficiency, making it a truly cost-effective solution for industrial and critical infrastructure.