How Lunch at the Local Coffee Shop Led to the Compromise of an Organization’s Entire Infrastructure
A scene we see all too often: a busy coffee shop full of patrons sipping their favourite hot beverage, their glowing laptops and iPads eagerly using up the available free Wi-Fi. Little do they know, this ubiquitous activity can open the door for cyber criminals to steal identities and data, and to attack any networks they are connected to.
We have become accustomed to the availability of free Wi-Fi at these establishments, so much so that we often click to accept the terms of free internet, without heeding the dangers of using public networks. One such example occurred recently (described in an article by ZDNet – see link below for the full article) when a corporate laptop being used in a coffee shop was enough to allow a sophisticated cybercrime group to compromise an organization's entire infrastructure.
The incident began when an employee of the manufacturer took their laptop to a coffee shop and used it to visit the website of one of the firm's partners. The security researchers said the user visited the site after being directed there by a phishing email -- and that the site had been compromised by FakeUpdates, a malware and social engineering campaign affecting thousands of Joomla and WordPress sites. The malware shows users pop-ups which claim their browser software needs updating. In this instance, the laptop was then infected with the Dridex banking trojan and the PowerShell Empire post-exploit toolset (please contact our Cybersecurity team for the technical explanation).
The security software being used by the manufacturer (the vendor was not named) relied on devices being inside the corporate network to pick up threats. As the laptop was being used outside the network, this incident didn't become apparent until the laptop was back in the office -- by which time it was too late. The infected laptop then served as an entry point for the attackers to compromise the entire corporate network, allowing attackers to access dozens of systems that could be compromised by taking advantage of the user's permissions. (For the full story, see ZDNet’s ARTICLE HERE)
How many of us have simply clicked ‘ok’ when a pop-up tells us an update is available? (Editor’s Note: an update for my Logitech mouse popped up while writing this – I’m relying on Mr. Norton and our security system to tell me it’s safe).
The coffee shop example is just one example of how an innocent act can have big consequences, without the proper precautions and systems in place. How employees use technology is an important factor in ensuring their employer’s cybersecurity.
Critical Issues Affecting Manufacturers
An alarming percentage of small and medium-sized Canadian businesses experienced cyber incidents last year (22% of manufacturers world-wide), averaging 22 to 24 hours in downtime. The average cost of a cyber breach in Canada was $6.11 million during that same period. Overall, 48% of manufacturers have suffered from cyber-attacks, with 24% sustaining financial and other business losses.
Cyber incursions continue to grow in frequency and severity. Cyber threats have been identified as one of the most critical issues in the next 5 years, yet according to our friends at Ernst & Young, 58% of Canadian firms still say information security has little or no influence on their business strategy or plans.
- 67% of firms confirmed they do not have a threat intelligence program (or only have an informal one)
- 45% of firms confirmed they do not have a vulnerability identification capability program (or only have an informal one)
- 52% of firms confirmed they do not have a breach detection program (or only have an informal one)
Our team recommends you take a look at where these stats fit with your organization. If you are in the same boat, you likely have some holes that need to be plugged!
Every year, EMC surveys senior manufacturing leaders across Canada, on the critical issues affecting their business.
Among the most significant plant management issues they are anticipating in 2019: Technology grades; Risk and Resource Management; IT (including security) Issues; and Global Expansion all rank very high. At the top of ‘Changes Anticipated’ in the next five years – Investing in New Production Equipment and Processes – is number one. These issues all touch on cybersecurity. How can Canadian manufacturers protect themselves, when even the most sophisticated organizations can at times struggle? The answer is with help.
Global market expansion and new, advanced and more technical production equipment, systems and processes require equally enhanced digital security and diligence, to ensure industry’s productive strengths, proprietary know-how and intellectual property assets are protected.
What to Be Aware Of / Next Steps
Direct attacks notwithstanding, for many businesses it appears careless or unaware employees are often the culprit for a cyber incursion. How many have seen colleagues who open e-mail or attachments or click on a link telling them “you have to see this!” (I’m betting most of you were thinking of the name of that person as you read this).
As we saw with the coffee shop example, this is the number one vulnerability in the last 12 months, with 36% of responding Canadian firms citing poor user awareness and behaviour as the top risk (27% of those firms say this is the most likely source of a cyber-attack).
Perhaps the most startling statistic is that 91% of respondents in the EY survey said discovery of a breach that impacted the organization would be the catalyst for increasing their cybersecurity. Waiting until after the fact is a complacency that industry simply cannot afford. Only 16% of Boards have sufficient information security knowledge to fully evaluate, with only 13% saying they are excellent at crisis management.
The industrial cybersecurity market is expected to grow by $10 billion through 2023. Measured by sector, manufacturing and energy are the top two critical industries targeted for cyber intrusions. More than half of manufacturers have suffered from cyber-attacks, with a quarter experiencing significant financial and business losses. It’s not just a big company problem. 58% of malware attack victims are categorized as small businesses.
It’s not all doom and gloom, rather an emphasized need for greater vigilance. With the acceleration of advanced manufacturing automation and robotics, machine learning / AI, blockchain and IIoT, cybersecurity is an important element in protecting your business during the fourth industrial revolution.
In developing the EMC Secure Cybersecurity Initiative for our member manufacturers, “what happens once the intruders are behind the firewall” is one of the first questions we were challenged to answer. According to the FBI, it can take up to 230 days to find an issue. Many firms rely on firewalls, virus and malware scanners and do not pay attention to the traffic itself. Malware/antivirus scanning software is fairly passive and can be fooled.
Also at the top of the list are the prevalent skills shortages and constrained budgets related to IT and cyber-related needs. Many manufacturers are challenged to have the necessary personnel or resources onsite to properly monitor, manage and mitigate against cyber intrusions. Sophisticated cybercrime organizations are getting past even the most complex networks (as you have no doubt read about in recent media), so industry needs to improve its efforts.
After significant due diligence, EMC elected to partner with N-Dimension Solutions - a market leading Managed Detection and Response (MDR) solutions provider, who brings innovative technology (and a team of subject-matter-experts) experienced in helping manufacturers and related industries. Via EMC Secure, N-Dimension is providing the N-Sentinel platform and resources to our members, delivering service and support for vigilance, detecting and alerting on cyber threats.
"Cybersecurity has become an increasingly important issue for our manufacturers," said Al Diggins, Chairman of the Board of Directors, EMC. "The resources and solutions which N-Dimension is providing fills a critical need which our members have been seeking, providing cybersecurity visibility, intelligence and remediation guidance. Their proven experience within both industry and energy sectors, as well as a deep cybersecurity expertise, fulfills the growing need to protect and strengthen both IT and industrial networks.”
As EMC does with all its programs, the goal is to provide our members with a tailored program which protects IT and industrial networks from cyber-attacks – without impacting or slowing their systems – while delivering reliability and safeguarding for critical infrastructure, data and assets.
“Manufacturers across Canada (and globally) are more connected today than ever before,” said Shawn Casemore, President of EMC. “With data from ERP systems and equipment being held in the cloud, and the continued growth of online commerce and advanced technologies, our members are highly vulnerable. The EMC Secure program provides our members the protection and support they deserve to avoid disruption and risks to their businesses.”
We have also arranged for members to test-drive the program for 60 days at no cost! See the link below for more information on the resources available and/or to start your trial.
During a ‘Cybersecurity for Manufacturers’ webinar we hosted earlier this month, Scott Mossbrooks, from EMC’s Cybersecurity Team at N-Dimension recommended the following best practices for our members to check on:
- Educate Staff
- Inventory All Assets
- Implementing Access Controls
- Have a Bring Your Own Device (BYOD) Policy
- Know Where Data is Stored
- Maintain, Validate, Test Back-ups
- Employing services such as Cybersecurity Monitoring and Vulnerability Assessment Scans
Keep in mind, the coffee shop example can also include employees who connect their personal devices to your corporate network or Wi-Fi. Some organizations have prohibited/limited the use of USB thumb-drives for example. Developing a detailed and visible cybersecurity strategy covering these points, educating your employees and engaging resource solutions, will help create a culture of vigilance and address those top three areas of vulnerability.
Avoiding complacency is probably the best advice. If for no other reason, think of your customers. Depending on the report, between 48% and 70% of consumers said they would stop using a company following a security breach affecting their data.
With 2019 almost upon us, we want to be sure you take advantage of the no-cost 60-day trial (while it’s available). Simply contact us and complete the brief questionnaire to begin the simple process. (CYBERSECURITY QUESTIONNAIRE).
In the new year, as part of the EMC Secure Initiative, we will be launching a Cybersecurity Cluster – networking and benchmarking member group and sessions for manufacturers to discuss, share and learn from the subject-matter-experts and each other. Also, later in the year we are planning to introduce new future skills programs related to the technical skills shortages, to further help industry. More news to follow! Be sure to visit our website (www.emccanada.org/emcsecure) to stay up-to-date on current and new resources.
In the meantime, if you have any questions or require assistance, please be sure to contact us.
On behalf of EMC’s Cybersecurity Team, we wish you a very Merry Christmas, Happy Hanukkah and Season’s Greetings. All the best for a safe, prosperous and hopefully incursion-free New Year!
Cheers from EMC,
National Director, Programs and Partnerships / Cybersecurity Team Lead