Send us a Text Message.

According to IBM’s Cost of a Data Breach Report, nearly 20 percent of the organizations surveyed stated that they have experienced a breach stemming from a compromise in their supply chain, or a vulnerability related to it. The average cost of these breaches was estimated at just under $4.5 million. Their data also found that attacks emanating from the supply chain had a longer lifecycle than average.

The increased costs and complexities of addressing supply chain attacks is not a surprise when you consider that these intrusions not only impact the targeted company, but the logistics, distribution and retail elements that are dragged along on this difficult and painful ride. To help dive into the factors associated with supply chain attacks and other cybersecurity challenges, we welcome Theo Zafirakos, a Cyber Risk and Information Security Expert at Fortra to the show.

Watch/listen as we discuss:

• The three primary soft spots from which supply chain hacks emanate - software, devices and people.
• Why people are the most neglected of the three, and how they can be trained to identify attacks.
• The expanded role AI is playing in email compromises that help fuel supply chain attacks.
• Why IT and OT need to become more aware of each other's requirements and risks.
• The important role cybersecurity plays in ensuring operational reliability.
• The growing need for ransomware response plans, and how a national supply chain hack helped reinforce this need for all enterprises, regardless of size or sector.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

Send us a Text Message.

Due to the rise in attacks on manufacturing and critical infrastructure, and the devasting impacts these attacks have on daily lives around the world, the World Economic Form recently unveiled a report entitled Building a Culture of Cyber Resilience in Manufacturing.

This initiative not only identified the sector’s primary challenges for developing a culture of cyber resilience, but also formulated three guiding principles for establishing an enduring strategy. They revolve around people, processes and culture.

I was fortunate enough to have one of the key contributors to the creation of these strategies sit down with me for some unique takes on the biggest challenges facing industrial cybersecurity. Watch/listen to my conversation with Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, a leader in cyber resiliency strategies and services, as we discuss:

• How the capital investment process utilized throughout manufacturing could be leaving several key players behind, and the negative impacts this could have on the entire sector.
• Why security is not a tool, but a process.
• The ongoing issues associated with asset inventory and the first steps to take in correcting this issue.
• The Trojan Horse dynamic that smaller enterprises need to embrace in order to improve their security posture.
• How to know if you're the biggest risk or weakest link in a production environment or supply chain.
• Why regulatory efforts focused on cybersecurity could dramatically change the composition of the industrial sector.
• The difference between moving to the cloud and securely moving to cloud platforms.
• How security should be a driver of digital transformation strategies.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.

Send us a Text Message.

When looking at industrial cybersecurity, more attention is being paid to how workers are logging in to access critical machinery, software or data. And according to Trustwave Threat Intelligence’s recent Manufacturing Threat Landscape report, 45 percent of attacks experienced by manufacturers stemmed from the bad guys accessing credentials.

Whether by utilizing brute-force tactics, submitting fake support tickets, or purchasing logins on the Dark Web, this seems to prove that hackers would much rather log in than break in.

The report also cited the rise of Initial Access Brokers, or groups that focus specifically on obtaining and selling log-in data to other hackers. One example cited by Trustwave saw an IAB offering access to a leading steel manufacturer for just over $60,000. Unfortunately, this is not a unique circumstance, which is why we're talking to David Cottingham, president of rf IDEAS to weigh in on the ongoing challenges surrounding secure access throughout the OT environment.

Listen as we discuss:

• The importance of simplifying security processes to keep people engaged with them.
• Why no manufacturer is too small to be a target for credential-based attacks.
• Overcoming the bad behaviors that can result from operations personnel dealing with over 25 passwords.
• Avoiding punitive actions surrounding people-based security vulnerabilities.
• Why dual factor authentication strategies are key to ongoing security developments.
• Best practices for mobile device use.
• How VPNs, firewalls and password wallets are simultaneously solutions and vulnerabilities.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector’s New Battlefield, click here.