Quebec Industrial Barometer - 15th edition (2024) of the STIQ: What you should know about Cybersecurity.

The manufacturers' association STIQ has just published the 15th edition (2024) of its industrial barometer. This barometer highlights the following points concerning the cybersecurity of Quebec manufacturers:

● 73% of manufacturers consider the risk of cyber-attack to be high, an increase of 6% compared to the 2023 barometer (67%). Compared to 2021 (63%), the increase is 10%.

● Manufacturers with between 100 and 500 employees, those who have implemented at least 4 digital technologies and those who have implemented more (6 or more) believe they are most at risk of piracy. They estimate their level of hacking risk at 77%, 63% and 77% respectively.

● On average, 30% of Quebec manufacturing organizations have suffered cybersecurity incidents in the last three years. Larger organizations (100 employees or more) are significantly more affected (2 times more impact).

● Manufacturers with between 100 and 500 employees, those who have implemented at least 4 digital technologies and those who have implemented at least 6, have suffered more cyber attacks over the past three years, respectively 41%, 25% and 35%.

Impact

● 49% of manufacturers who suffered a cyber attack had to restore their systems, software and data.

● 26% have suffered data loss or theft

● 26% had to stop operations

● 23% lost income

● 26% had no impact

Cybersecurity measures in place within organizations

● 96% of manufacturers have implemented a data backup plan

● 77% have implemented monitoring software

● 50% have implemented a contingency plan designed by cybersecurity experts

● 41% have audits and intrusion tests carried out by cybersecurity experts

Analysis of barometer results vs. our field experience

1- Manufacturing sector still attractive to pirates

The manufacturing sector remains one of the most attractive for hackers (30% of manufacturers have suffered a security incident). Some examples:

● The impact of cyberattacks has serious and immediate consequences for manufacturers: production line stoppages, poor sales, major financial losses, etc.

● Manufacturing networks are not very secure (existence of legal systems, outdated or unsupported operating systems such as Windows 2008, XP, vulnerable OT/IOT, insecure remote access solutions, insufficient user awareness, etc.). This makes them easier to hack than other business sectors. Hackers prefer to attack weakly-secured targets.

Solution: manufacturers should take into account the fact that they are a prime target for hackers, and that they will continue to suffer cyber-attacks. They therefore need to define a clear cybersecurity strategy and make sure they identify and mitigate the main cyber risks that can target them.

We strongly recommend that IoTs use IEC 62443 as the basis for their cybersecurity governance framework.

For IT, cybersecurity standards such as ISO 27001, NIST, CIS and CMMC are acceptable.

2 - Manufacturers continue to recognize the threat of ransomware

The survey shows that 96% of manufacturers have a data backup plan in place.

This shows that manufacturers have understood that cyber attacks are here to stay, and that they have to consider that sooner or later they will be the target of a cyber attack (it's only a matter of time). They are therefore looking to put measures in place to mitigate or eliminate the impact of cyber-attacks.

Solution: the next step for manufacturers is to regularly test their backups to ensure that they will be usable when needed. Indeed, our experience in the field shows that back-up testing is not done very often, and it's only when an incident occurs that you realize that the back-ups aren't working.

3 - Ransomware is the most feared risk

The focus on data backups shows that ransomware is the cyberattack most feared by manufacturers. And rightly so, as ransomware is a scourge and will continue to be one of the most dangerous cyberattacks over the next few years.

Solution: make the fight against ransomware a priority. Reinforce your network security, take regular backups, monitor your network security 24/7 and have an incident response plan. Run a ransomware response simulation at least once a year to prepare yourself to react quickly, because it's only a matter of time before you suffer such an attack.

4 - Half of manufacturers unprepared for cyber attacks

Only 50% of manufacturers say they have a contingency plan defined by cybersecurity experts. Yet having an incident response plan is crucial for dealing with cyberattacks. Not having one puts the organization at risk during a cyber-attack, and significantly lengthens the time it takes to get back into production.

Solution: you should always have an incident response plan that clearly indicates the role of each player in the event of a cyber attack. Test your plan at least once (1) a year.

5- Poor assessment of the actual level of protection of manufacturing networks

The study shows that 77% of manufacturers use security monitoring software.

Our experience in the field shows that this high rate is linked to confusion or misunderstanding of the role of security tools and their scope. Indeed, most of the time, firewalls and antivirus are the security software in place at manufacturers. There is a trend towards replacing antivirus with EDRs. Few manufacturers use protection tools such as intrusion detection systems.

Antivirus and EDR software are often not installed on legacy systems (Windows 2008, etc.), printers and many other OT/OIT devices, etc. This means that manufacturers often lack 360-degree visibility of their network security. It is impossible to have adequate security without 360% visibility of network security.

Solution: to strengthen their security and protect themselves from today's cyberattacks, manufacturers should implement a defense-in-depth strategy, with network perimeter protection (via IDS/IPS/NDR), in addition to endpoint protection (via antivirus, EDR, etc.). They should also harden their systems, focusing on security vulnerability management and user awareness.

6- network security monitoring

It's not enough to deploy network security monitoring software. You also need to take daily responsibility for the security alerts managed by these tools, in order to quickly detect and eradicate ongoing attacks.

In my experience, many manufacturers deploy security tools but do not monitor them. Without monitoring tool alerts, attacks will continue, and the hacker will eventually gain access to the network.

Solution: to minimize the risk of being hacked, you need to monitor your network security 24/7. Alerts generated by tools should be taken according to their level of security, to avoid them becoming a problem.

7- the forgotten ones - smaller manufacturers

In my experience, smaller manufacturers (1 to 99 employees) have the impression of being below the radar of hackers, either because they are too small to be of interest to hackers, or because they are invisible on the Internet. This is incorrect.

Most attacks are launched by botnets (automated attack machines that run 24/7 in search of vulnerable systems). If a botnet unfortunately stumbles across your network, you may be the victim of an attack.

Note that it takes about 4 to 5 minutes for any new system connected to the Internet to start being attacked. Nobody can hide forever.

Finally, these environments are often not very secure, and it's not uncommon to see computers without anti-virus software! This increases the risk of hackers

Solution: even if you're a small manufacturer, put the necessary measures in place to secure yourself (e.g. install an EDR on every computer, monitor your network and make your backups).

Need help? StreamScan is here.

Streamscan specializes in cybersecurity for manufacturers.

Cyber attacks are exploding all the time. Without continuous security monitoring, you're completely blind to the attacks targeting you. And you can't defend yourself against what you can't see.

Need help with your cyber security? Contact us at +1 8 77 208-9040 or speak to one of our experts.