Quebec Industrial Barometer - 14th edition (2023) of the STIQ: What you should know about Cybersecurity.

The STIQ manufacturers' association has just published the 14th edition of its industrial barometer. This barometer highlights the following elements concerning the cybersecurity of Quebec manufacturers:

67% of manufacturers consider the risk of cyberattack to be high, an increase of 4% compared to the previous barometer.

Manufacturers with between 100 and 500 employees, those who sell internationally and those who have implemented several digital technologies believe they are most at risk of being hacked. They estimate their level of hacking risk at 76%, 74% and 77% respectively.

On average, 29% of Quebec manufacturing organizations have experienced cybersecurity incidents in the last three years.

Manufacturers with between 100 and 500 employees, those who sell internationally and those who have implemented several digital technologies have suffered more cyber attacks in the last three years, respectively 45%, 35% and 32%.

Only 13% of manufacturers adhere to a recognized security standard

Only 45% of manufacturers have an incident response plan

Analysis of the barometer results

1- The manufacturing industry is still attractive to hackers

For various reasons, the manufacturing sector remains one of the most attractive to hackers (29% of manufacturers have experienced a security incident). Examples:

The impact of cyberattacks has serious immediate consequences for manufacturers: production line stoppages, poor sales, significant financial loss, etc.

Manufacturing networks are poorly secured (existence of legal systems, outdated or unsupported operating systems such as Windows 2008, XP, vulnerable OT/IOT, insecure remote access solutions, insufficient user awareness, etc.). This makes them easier to hack than other industries. Hackers prefer to attack weakly secured targets.

Solution: Manufacturers should take into account that they are a prime target for hackers and that they will continue to suffer from cyber attacks. They must therefore define a clear cybersecurity strategy and make sure to identify and mitigate the main cyber risks that can target them.

2- Manufacturers are fumbling with their network security

Only 13% of manufacturers rely on a recognized cybersecurity standard. In other words, 87% of manufacturers protect their network by trial and error, without knowing if the tools and processes in place are adequate. In the end, the network is poorly protected, and this is one of the main reasons for the high hacking rate in this area.

Solution: you should always have a cybersecurity governance framework, no matter how minimal it is. This will allow you to have a clear vision for cybersecurity, ensure that your risks are known and mitigated. Finally, it will allow you to optimize the management of your cybersecurity budgets. Examples of security standards: ISO 27001, NIST 800, CIS Security, CMMC, IEC 62443, etc.

3 - High awareness of ransomware threat

The survey indicates that 94% of manufacturers have a data backup plan in place.

This shows that manufacturers have realized that cyber attacks are here to stay and that they have to consider that one day or another they will be the target of a cyber attack (it's only a matter of time). So they are looking for ways to put in place or mitigate or eliminate the impact of cyberattacks.

The focus on data backups shows that ransomware is the most feared cyberattack by manufacturers. And they're doing the right thing, because ransomware is a scourge and will continue to be one of the most dangerous cyberattacks in the coming years.

Solution: the next step for manufacturers is to regularly test their backups to ensure they are usable when needed. Indeed, our experience in the field shows that backups are not tested very often and it is only when an incident occurs that one realizes that the backups are not working.

4 - Most manufacturers are not prepared for cyber attacks

Only 46% of manufacturers report having a contingency plan defined by cybersecurity experts. Yet having an incident response plan is crucial to dealing with cyberattacks. Not having one puts the organization at risk during a cyber attack and significantly increases the time it takes to get back into production.

It should also be noted that an incident response plan should be tested regularly, which is not the case very often in the manufacturing sector. If your incident response plan is never tested, you will never know if it will work when the time comes. You are not far from an organization that does not have such a plan.

Solution: you should always have an incident response plan that clearly states the role of each stakeholder in the event of a cyber attack. Test your plan at least once (1) a year. If you don't have the expertise in-house, you can hire a cybersecurity firm like Streamscan to help you create your plan. Streamscan can also act as your incident response team. Contact us to talk about it.

5- Bad appreciation of the actual level of protection of manufacturing networks

The study indicates that 79% of manufacturers use security monitoring software. This high percentage is simply due to confusion or misunderstanding of the role of security tools and their scope. In fact, most of the time, firewalls, antivirus and EDRs are the security software in place at manufacturers. Antivirus and EDRs are often not installed on legacy systems (Windows 2008, etc.), printers and many other OT/OIT devices, etc. This means that manufacturers often do not have a 360 degree view of their network security. Every unmonitored system is a blind spot that a hacker can exploit to enter the network. They think they are well secured when they are not.

Solution: To strengthen their security and protect themselves from today's cyberattacks, manufacturers should implement a defense-in-depth strategy, with network perimeter protection (via IDS/IPS/NDR), in addition to endpoint protection (via antivirus, EDR, etc.). They should also harden their system, focus on security vulnerability management and user awareness.

6- Many manufacturing organizations do not monitor their network security

It is not enough to deploy network security monitoring software. It is also necessary to take care of the daily security alerts managed by these tools, in order to quickly detect and eradicate the attacks in progress.

In my experience, many manufacturers deploy security tools but do not monitor these tools. Without monitoring of the tools' alerts, attacks will continue and the hacker will eventually enter the network.

Solution: To minimize the risk of being hacked, you must monitor your network security 24/7. The alerts generated by the tools should be taken according to their security level, in order to prevent them from becoming a problem. 24/7 monitoring is mandatory because you are not only attacked by humans. Botnets/robots scan the Internet 24/7 for targets, so you must remain vigilant at all times. Don't have in-house security monitoring expertise? Contact us.

Need help? StreamScan is here.

Cyberattacks are exploding all the time. Without continuous security monitoring, you are completely blind to the attacks targeting you. You can't defend against what you can't see.

Let us put our eyes on your network. Join our MDR Streamshield managed monitoring platform powered by our CDS cyber threat detection technology and keep yourself safe from cyberattacks.