Downtime Destroys Manufacturers' Productivity: How to Ensure Data Resilience and Ransomware Recovery

MAY 3RD, 2023

A recent report from industrial cybersecurity firm Dragos found that ransomware attacks on industrial infrastructure nearly doubled in 2022. In fact, 70 percent of all ransomware attacks were focused on manufacturing, a year-over-year increase of 87 percent. The latest IBM Security X-Force Threat Intelligence Index 2022 report found that manufacturing is now the most frequently hacked industry.  

Vulnerabilities also increased by 27 percent, according to the report. That’s because the standard IT approach to mitigating vulnerabilities is a patch. But in the industrial world, patching an operations technology (OT) component can require system and plant shutdowns—an expensive proposition.

That explains why the report also found that 77 percent of vulnerabilities lack mitigation. But failure to patch can lead to more devastating impacts than a planned shutdown—like ransomware that locks up all your data. That’s why industrial control systems (ICS) and OT rely on alternative methods to reduce risks and keep production lines moving. More is needed.

ICS/OT Cyber Defense Strategies

Dragos recommends that manufacturers employ the critical controls outlined by the SANS Institute—a cooperative for information security thought leadership. While the SANS Institute publishes and updates “20 Critical Controls for Effective Cyber Defense,” the top five controls are crucial:

1. ICS incident response

Manufacturers should have an operations-informed incident response plan in place that is focused on system integrity and recovery capabilities, taking the complexity out of the response to attacks in operational settings. The plan should include exercises that cover risk scenarios and use cases customized for your security environment to improve operational resilience by supporting root cause analysis of potential failures and cyber incidents.

2. Defensible architecture

Building a defensible ICS architecture requires visibility, log collection, asset identification, segmentation, industrial demilitarized zones, and process-communication enforcement. Closing the gap between technologies and internal teams via system design and implementation increases security team efficiencies and capabilities.

3. ICS network visibility monitoring

Continuous network security monitoring with protocol-aware tool sets and system-of-systems interaction analysis is crucial for ICS environments (a system of systems is a set of dedicated systems that pool their resources and capabilities together). This capability keeps operations teams informed about potential vulnerabilities, strengthening resilience and supporting recovery if needed.

4. Remote access security

Deploying remote access controls is vital to securing ICS and OT implementations. These include role-based access controls (RBAC), multi-factor authentication (MFA), zero-trust access models, and more.

5. Risk-based vulnerability management

Risk-based vulnerability management prioritizes high-risk ICS vulnerabilities, putting controls and device requirements in place to support better decision-making for prevention, response, mitigation, and recovery.

Data Resilience and Disaster Recovery for Manufacturers

Solutions like Arcserve Unified Data Protection (UDP) offer manufacturers some of these controls with a single platform that unifies data protection and prevents cyberattacks across on- and off-premises workloads.

Safeguarded by Sophos Intercept X Advanced cybersecurity, Arcserve UDP combines deep-learning server protection, immutable storage, and scalable onsite and offsite business continuity for a multilayered approach that gives you complete IT resiliency for your virtual, physical, and cloud infrastructures—including ICS and OT.

Arcserve UDP reduces downtime from days to minutes and validates recovery time and recovery point objectives (RTOs/RPOs) and service-level agreements (SLAs) with automated testing and granular reporting. The solution protects against data loss and extended downtime across cloud, local, virtual, hyperconverged, and SaaS-based workloads.

You can also recover faster with instant VM and bare metal recovery (BMR), local and remote virtual standby, application-consistent backup and granular restore, hardware snapshot support, and extensions that deliver high availability and tape support.

Arcserve UDP makes data protection flexible and straightforward, with a multi-tenant, cloud-based, or private management console, depending on your needs. You can easily scale hybrid business continuity topologies, locally or over long distances, with multiple sites, including service and cloud providers.

Installation takes a few clicks, letting you create data stores on the recovery point server and add the nodes you want to protect, a storage destination, and a plan. You can then run jobs such as backup, virtual standby, and replication, and recover with a simple restore or a bare metal recovery.

Get Expert Manufacturing IT Support

Arcserve technology partners are recognized data protection, cybersecurity, and recovery experts. For guidance in strengthening your manufacturing company’s data resilience, find an Arcserve partner here. And read the case study on how Arcserve was a game-changer for one French manufacturer here.