Security is a critical consideration when embracing the Industrial Internet of Things. With discrete devices creating huge volumes of data, the shift to IoT means manufacturers have more to protect than ever before – and more points of vulnerability to keep track of.
Manufacturers need to ensure that as they connect their operational technology and data in new and exciting ways, they don’t leave their most valuable digital property exposed to malicious attacks and theft.
But what happens when those threats come from within — being orchestrated by those trusted to handle sensitive data and intellectual property on a daily basis?
Practically, it’s an extremely difficult challenge to tackle. Unlike external threats, the behavioural patterns of malicious insider activity may be specific to your business and can be much harder to detect than more traditional threats such as malware. While it may be possible for teams on the ground to spot a disgruntled employee, it’s virtually impossible to predict who may launch such an attack, or where or how they’ll do it.
We recently spoke to a number of security experts to help us better understand the challenges faced by manufacturers embracing the Industrial Internet of Things (IIoT) and compiled their insights into a new paper exploring everything manufacturers need to know to securely adopt IIoT for themselves.
One of those experts was Rikki Gorman from Nuix, who walked us through how manufacturers can better protect their invaluable intellectual property and the vast quantities of data generated by their IIoT technology against unpredictable internal threats. Here’s what he shared.
The anatomy of an internal attack
When we think about the theft of extremely valuable intellectual property, it’s easy to drift into imagining a highly sophisticated heist, carried out by a team of experienced hackers. The reality however is often far less complex.
Often, an internal breach can be as simple as single individual plugging in a USB pen, grabbing the data they want (because they already have approved access to it) and walking right out of your factory. It’s remarkably simple, and it’s that simplicity which makes it so hard to combat.
Tools like artificial intelligence have made companies very good at detecting malicious traffic and behaviour patterns when they originate from outside of the business’s core network. However, the sheer simplicity of these internal breaches makes them virtually unpredictable.
Practically for security teams, prevention won’t always be possible. Instead, what they need to focus on is logging and monitoring end-user activity. Detailed logs and data access audits ensure that in the event of such a breach, companies can easily attribute it to a clear source, and take the appropriate action.
The role of governance and monitoring
With internal breach prevention not always an option, the next thing for manufacturers to focus on is limiting the amount that an internal attack can damage the business. That’s where better data governance practices come in.
At Nuix, we developed what we call the “good shepherd” model for data governance and cybersecurity. It encompasses four best practices for better data governance that can help manufacturers reduce the potential impact of internal threats, by limiting what a single bad actor can access:
- Defensible deletion: Ensuring that old and unused data is deleted as soon as it’s no longer needed, so that it can’t be stolen in the future
- Data herding: Ensuring that all sensitive data is kept where it’s most secure, and not in places like email inboxes where it’s highly vulnerable. Doing this effectively requires strong data auditing tools that can help you identify when something is stored in a place that it shouldn’t be
- Data security: Using security tools to detect where vulnerable data is, and proactively protecting it against internal threats in the same way that you safeguard against external threats, such as setting up alerts for when specific high-value data is being accessed or moved
- Access controls: Using access control tools to ensure that data is only ever accessible by those that truly need it – limiting what each individual could potentially steal
Together, these practices can help manufacturers control the huge volumes of valuable and sensitive data that they’ll have on their hands once they embrace the Industrial Internet of Things. While it won’t always be possible to stop an internal breach, by following these practices, you’ll be able to mitigate the scope and impact of them, and identify the perpetrators quickly and effectively.
Find out more
Learn more about securing the factories of the future by downloading our new insight paper now. Inside you’ll find more expert viewpoints and advice, designed to help manufacturers just like you become more resilient against the threats targeting today’s hyperconnected factory environments.